diff --git a/FORK.md b/FORK.md
index 7755d91bd3..e4846d5152 100644
--- a/FORK.md
+++ b/FORK.md
@@ -1 +1,7 @@
-568f0805d2f427ee2d78ff1eb13233883a0737bb
+# Fork
+
+## optimism
+
+- tag: `v1.0.3`
+- differences
+  - to be updated
diff --git a/components/node/client/polling.go b/components/node/client/polling.go
index 8794feac5f..033a8942de 100644
--- a/components/node/client/polling.go
+++ b/components/node/client/polling.go
@@ -57,7 +57,7 @@ func NewPollingClient(ctx context.Context, lgr log.Logger, c RPC, opts ...Wrappe
 	res := &PollingClient{
 		c:         c,
 		lgr:       lgr,
-		pollRate:  250 * time.Millisecond,
+		pollRate:  12 * time.Second,
 		ctx:       ctx,
 		cancel:    cancel,
 		pollReqCh: make(chan struct{}, 1),
diff --git a/components/node/client/rate_limited.go b/components/node/client/rate_limited.go
new file mode 100644
index 0000000000..9f4bfa159b
--- /dev/null
+++ b/components/node/client/rate_limited.go
@@ -0,0 +1,52 @@
+package client
+
+import (
+	"context"
+	"time"
+
+	"github.com/ethereum/go-ethereum"
+	"github.com/ethereum/go-ethereum/rpc"
+	"golang.org/x/time/rate"
+)
+
+// RateLimitingClient is a wrapper around a pure RPC that implements a global rate-limit on requests.
+type RateLimitingClient struct {
+	c  RPC
+	rl *rate.Limiter
+}
+
+// NewRateLimitingClient implements a global rate-limit for all RPC requests.
+// A limit of N will ensure that over a long enough time-frame the given number of tokens per second is targeted.
+// Burst limits how far off we can be from the target, by specifying how many requests are allowed at once.
+func NewRateLimitingClient(c RPC, limit rate.Limit, burst int) *RateLimitingClient {
+	return &RateLimitingClient{c: c, rl: rate.NewLimiter(limit, burst)}
+}
+
+func (b *RateLimitingClient) Close() {
+	b.c.Close()
+}
+
+func (b *RateLimitingClient) CallContext(ctx context.Context, result any, method string, args ...any) error {
+	if err := b.rl.Wait(ctx); err != nil {
+		return err
+	}
+	cCtx, cancel := context.WithTimeout(ctx, 10*time.Second)
+	defer cancel()
+	return b.c.CallContext(cCtx, result, method, args...)
+}
+
+func (b *RateLimitingClient) BatchCallContext(ctx context.Context, batch []rpc.BatchElem) error {
+	if err := b.rl.WaitN(ctx, len(batch)); err != nil {
+		return err
+	}
+	cCtx, cancel := context.WithTimeout(ctx, 20*time.Second)
+	defer cancel()
+	return b.c.BatchCallContext(cCtx, batch)
+}
+
+func (b *RateLimitingClient) EthSubscribe(ctx context.Context, channel any, args ...any) (ethereum.Subscription, error) {
+	if err := b.rl.Wait(ctx); err != nil {
+		return nil, err
+	}
+	return b.c.EthSubscribe(ctx, channel, args...)
+}
diff --git a/components/node/client/rpc.go b/components/node/client/rpc.go
index 73d8690851..e7c9e13d8a 100644
--- a/components/node/client/rpc.go
+++ b/components/node/client/rpc.go
@@ -10,6 +10,7 @@ import (
 	"github.com/ethereum/go-ethereum/log"
 	"github.com/ethereum/go-ethereum/rpc"
 	"github.com/prometheus/client_golang/prometheus"
+	"golang.org/x/time/rate"
 
 	"github.com/kroma-network/kroma/components/node/metrics"
 	"github.com/kroma-network/kroma/utils/service/backoff"
@@ -24,27 +25,88 @@ type RPC interface {
 	EthSubscribe(ctx context.Context, channel any, args ...any) (ethereum.Subscription, error)
 }
 
+type rpcConfig struct {
+	elCliRPCOptions  []rpc.ClientOption
+	httpPollInterval time.Duration
+	backoffAttempts  int
+	limit            float64
+	burst            int
+}
+
+type RPCOption func(cfg *rpcConfig) error
+
+// WithDialBackoff configures the number of attempts for the initial dial to the RPC,
+// attempts are executed with an exponential backoff strategy.
+func WithDialBackoff(attempts int) RPCOption {
+	return func(cfg *rpcConfig) error {
+		cfg.backoffAttempts = attempts
+		return nil
+	}
+}
+
+// WithHttpPollInterval configures the RPC to poll at the given rate, in case RPC subscriptions are not available.
+func WithHttpPollInterval(duration time.Duration) RPCOption {
+	return func(cfg *rpcConfig) error {
+		cfg.httpPollInterval = duration
+		return nil
+	}
+}
+
+// WithGethRPCOptions passes the list of go-ethereum RPC options to the internal RPC instance.
+func WithGethRPCOptions(gethRPCOptions ...rpc.ClientOption) RPCOption {
+	return func(cfg *rpcConfig) error {
+		cfg.elCliRPCOptions = append(cfg.elCliRPCOptions, gethRPCOptions...)
+		return nil
+	}
+}
+
+// WithRateLimit configures the RPC to target the given rate limit (in requests / second).
+// See NewRateLimitingClient for more details.
+func WithRateLimit(rateLimit float64, burst int) RPCOption {
+	return func(cfg *rpcConfig) error {
+		cfg.limit = rateLimit
+		cfg.burst = burst
+		return nil
+	}
+}
+
 // NewRPC returns the correct client.RPC instance for a given RPC url.
-func NewRPC(ctx context.Context, lgr log.Logger, addr string, opts ...rpc.ClientOption) (RPC, error) {
-	underlying, err := DialRPCClientWithBackoff(ctx, lgr, addr, opts...)
+func NewRPC(ctx context.Context, lgr log.Logger, addr string, opts ...RPCOption) (RPC, error) {
+	var cfg rpcConfig
+	for i, opt := range opts {
+		if err := opt(&cfg); err != nil {
+			return nil, fmt.Errorf("rpc option %d failed to apply to RPC config: %w", i, err)
+		}
+	}
+	if cfg.backoffAttempts < 1 { // default to at least 1 attempt, or it always fails to dial.
+		cfg.backoffAttempts = 1
+	}
+
+	underlying, err := dialRPCClientWithBackoff(ctx, lgr, addr, cfg.backoffAttempts, cfg.elCliRPCOptions...)
 	if err != nil {
 		return nil, err
 	}
 
-	wrapped := &BaseRPCClient{
+	var wrapped RPC = &BaseRPCClient{
 		c: underlying,
 	}
+
+	if cfg.limit != 0 {
+		wrapped = NewRateLimitingClient(wrapped, rate.Limit(cfg.limit), cfg.burst)
+	}
+
 	if httpRegex.MatchString(addr) {
-		return NewPollingClient(ctx, lgr, wrapped), nil
+		wrapped = NewPollingClient(ctx, lgr, wrapped, WithPollRate(cfg.httpPollInterval))
 	}
+
 	return wrapped, nil
 }
 
 // Dials a JSON-RPC endpoint repeatedly, with a backoff, until a client connection is established. Auth is optional.
-func DialRPCClientWithBackoff(ctx context.Context, log log.Logger, addr string, opts ...rpc.ClientOption) (*rpc.Client, error) {
+func dialRPCClientWithBackoff(ctx context.Context, log log.Logger, addr string, attempts int, opts ...rpc.ClientOption) (*rpc.Client, error) {
 	bOff := backoff.Exponential()
 	var ret *rpc.Client
-	err := backoff.DoCtx(ctx, 10, bOff, func() error {
+	err := backoff.DoCtx(ctx, attempts, bOff, func() error {
 		client, err := rpc.DialOptions(ctx, addr, opts...)
 		if err != nil {
 			if client == nil {
diff --git a/components/node/cmd/batch_decoder/README.md b/components/node/cmd/batch_decoder/README.md
index f8c192da55..2329ed509a 100644
--- a/components/node/cmd/batch_decoder/README.md
+++ b/components/node/cmd/batch_decoder/README.md
@@ -50,6 +50,12 @@ those frames need to be generated differently than simply closing the channel.
 
 # Select all channels that are not ready and then get the id and inclusion block & tx hash of the first frame.
 > jq "select(.is_ready == false)|[.id, .frames[0].inclusion_block, .frames[0].transaction_hash]"  $CHANNEL_DIR
+
+# Show all of the frames in a channel without seeing the batches or frame data
+> jq 'del(.batches)|del(.frames[]|.frame.data)' $CHANNEL_FILE
+
+# Show all batches (without timestamps) in a channel
+> jq '.batches|del(.[]|.Transactions)' $CHANNEL_FILE
 ```
 
 
diff --git a/components/node/eth/label.go b/components/node/eth/label.go
index f79629e607..b741f2e342 100644
--- a/components/node/eth/label.go
+++ b/components/node/eth/label.go
@@ -17,3 +17,9 @@ const (
 	// - L2: Derived chain tip from finalized L1 data
 	Finalized = "finalized"
 )
+
+func (label BlockLabel) Arg() any { return string(label) }
+
+func (BlockLabel) CheckID(id BlockID) error {
+	return nil
+}
diff --git a/components/node/eth/sync_status.go b/components/node/eth/sync_status.go
index e57e64aff1..d50e8aacdf 100644
--- a/components/node/eth/sync_status.go
+++ b/components/node/eth/sync_status.go
@@ -32,4 +32,7 @@ type SyncStatus struct {
 	// FinalizedL2 points to the L2 block that was derived fully from
 	// finalized L1 information, thus irreversible.
 	FinalizedL2 L2BlockRef `json:"finalized_l2"`
+	// UnsafeL2SyncTarget points to the first unprocessed unsafe L2 block.
+	// It may be zeroed if there is no targeted block.
+	UnsafeL2SyncTarget L2BlockRef `json:"queued_unsafe_l2"`
 }
diff --git a/components/node/flags/flags.go b/components/node/flags/flags.go
index 0f5c6e66d2..688b536ef3 100644
--- a/components/node/flags/flags.go
+++ b/components/node/flags/flags.go
@@ -14,10 +14,10 @@ import (
 
 // Flags
 
-const envVarPrefix = "NODE_"
+const envVarPrefix = "NODE"
 
 func prefixEnvVar(name string) string {
-	return envVarPrefix + name
+	return envVarPrefix + "_" + name
 }
 
 var (
@@ -75,6 +75,24 @@ var (
 			return &out
 		}(),
 	}
+	L1RPCRateLimit = cli.Float64Flag{
+		Name:   "l1.rpc-rate-limit",
+		Usage:  "Optional self-imposed global rate-limit on L1 RPC requests, specified in requests / second. Disabled if set to 0.",
+		EnvVar: prefixEnvVar("L1_RPC_RATE_LIMIT"),
+		Value:  0,
+	}
+	L1RPCMaxBatchSize = cli.IntFlag{
+		Name:   "l1.rpc-max-batch-size",
+		Usage:  "Maximum number of RPC requests to bundle, e.g. during L1 blocks receipt fetching. The L1 RPC rate limit counts this as N items, but allows it to burst at once.",
+		EnvVar: prefixEnvVar("L1_RPC_MAX_BATCH_SIZE"),
+		Value:  20,
+	}
+	L1HTTPPollInterval = cli.DurationFlag{
+		Name:   "l1.http-poll-interval",
+		Usage:  "Polling interval for latest-block subscription when using an HTTP RPC provider. Ignored for other types of RPC endpoints.",
+		EnvVar: prefixEnvVar("L1_HTTP_POLL_INTERVAL"),
+		Value:  time.Second * 12,
+	}
 	L2EngineJWTSecret = cli.StringFlag{
 		Name:        "l2.jwt-secret",
 		Usage:       "Path to JWT secret key. Keys are 32 bytes, hex encoded in a file. A new key will be generated if left empty.",
@@ -100,6 +118,13 @@ var (
 		Usage:  "Initialize the proposer in a stopped state. The proposer can be started using the admin_startProposer RPC",
 		EnvVar: prefixEnvVar("PROPOSER_STOPPED"),
 	}
+	ProposerMaxSafeLagFlag = cli.Uint64Flag{
+		Name:     "proposer.max-safe-lag",
+		Usage:    "Maximum number of L2 blocks for restricting the distance between L2 safe and unsafe. Disabled if 0.",
+		EnvVar:   prefixEnvVar("PROPOSER_MAX_SAFE_LAG"),
+		Required: false,
+		Value:    0,
+	}
 	ProposerL1Confs = cli.Uint64Flag{
 		Name:     "proposer.l1-confs",
 		Usage:    "Number of L1 blocks to keep distance from the L1 head as a proposer for picking an L1 origin.",
@@ -175,6 +200,13 @@ var (
 		EnvVar:   prefixEnvVar("L2_BACKUP_UNSAFE_SYNC_RPC"),
 		Required: false,
 	}
+	BackupL2UnsafeSyncRPCTrustRPC = cli.StringFlag{
+		Name: "l2.backup-unsafe-sync-rpc.trustrpc",
+		Usage: "Like l1.trustrpc, configure if response data from the RPC needs to be verified, e.g. blockhash computation." +
+			"This does not include checks if the blockhash is part of the canonical chain.",
+		EnvVar:   prefixEnvVar("L2_BACKUP_UNSAFE_SYNC_RPC_TRUST_RPC"),
+		Required: false,
+	}
 )
 
 var requiredFlags = []cli.Flag{
@@ -189,10 +221,14 @@ var optionalFlags = []cli.Flag{
 	Network,
 	L1TrustRPC,
 	L1RPCProviderKind,
+	L1RPCRateLimit,
+	L1RPCMaxBatchSize,
+	L1HTTPPollInterval,
 	L2EngineJWTSecret,
 	SyncerL1Confs,
 	ProposerEnabledFlag,
 	ProposerStoppedFlag,
+	ProposerMaxSafeLagFlag,
 	ProposerL1Confs,
 	L1EpochPollIntervalFlag,
 	RPCEnableAdmin,
@@ -207,6 +243,7 @@ var optionalFlags = []cli.Flag{
 	HeartbeatMonikerFlag,
 	HeartbeatURLFlag,
 	BackupL2UnsafeSyncRPC,
+	BackupL2UnsafeSyncRPCTrustRPC,
 }
 
 // Flags contains the list of configuration options available to the binary.
diff --git a/components/node/flags/p2p_flags.go b/components/node/flags/p2p_flags.go
index bc2ea4428b..ec0c8c048c 100644
--- a/components/node/flags/p2p_flags.go
+++ b/components/node/flags/p2p_flags.go
@@ -34,6 +34,15 @@ var (
 		Value:    "none",
 		EnvVar:   p2pEnv("PEER_SCORING"),
 	}
+	PeerScoreBands = cli.StringFlag{
+		Name: "p2p.score.bands",
+		Usage: "Sets the peer score bands used primarily for peer score metrics. " +
+			"Should be provided in following format: <threshold>:<label>;<threshold>:<label>;..." +
+			"For example: -40:graylist;-20:restricted;0:nopx;20:friend;",
+		Required: false,
+		Value:    "-40:graylist;-20:restricted;0:nopx;20:friend;",
+		EnvVar:   p2pEnv("SCORE_BANDS"),
+	}
 
 	// Banning Flag - whether or not we want to act on the scoring
 	Banning = cli.BoolFlag{
@@ -267,6 +276,12 @@ var (
 		Hidden:   true,
 		EnvVar:   p2pEnv("GOSSIP_FLOOD_PUBLISH"),
 	}
+	SyncReqRespFlag = cli.BoolFlag{
+		Name:     "p2p.sync.req-resp",
+		Usage:    "Enables experimental P2P req-resp alternative sync method, on both server and client side.",
+		Required: false,
+		EnvVar:   p2pEnv("SYNC_REQ_RESP"),
+	}
 )
 
 // None of these flags are strictly required.
@@ -276,6 +291,10 @@ var p2pFlags = []cli.Flag{
 	NoDiscovery,
 	P2PPrivPath,
 	P2PPrivRaw,
+	PeerScoring,
+	PeerScoreBands,
+	Banning,
+	TopicScoring,
 	ListenIP,
 	ListenTCPPort,
 	ListenUDPPort,
@@ -302,4 +321,5 @@ var p2pFlags = []cli.Flag{
 	GossipMeshDhiFlag,
 	GossipMeshDlazyFlag,
 	GossipFloodPublishFlag,
+	SyncReqRespFlag,
 }
diff --git a/components/node/metrics/metrics.go b/components/node/metrics/metrics.go
index f1f32d19fd..f2c09ad377 100644
--- a/components/node/metrics/metrics.go
+++ b/components/node/metrics/metrics.go
@@ -15,7 +15,6 @@ import (
 	"github.com/ethereum/go-ethereum/rpc"
 	pb "github.com/libp2p/go-libp2p-pubsub/pb"
 	libp2pmetrics "github.com/libp2p/go-libp2p/core/metrics"
-	"github.com/libp2p/go-libp2p/core/peer"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/collectors"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
@@ -63,8 +62,12 @@ type Metricer interface {
 	RecordProposerBuildingDiffTime(duration time.Duration)
 	RecordProposerSealingTime(duration time.Duration)
 	Document() []metrics.DocumentedMetric
+	RecordChannelInputBytes(num int)
 	// P2P Metrics
-	RecordPeerScoring(peerID peer.ID, score float64)
+	SetPeerScores(scores map[string]float64)
+	ClientPayloadByNumberEvent(num uint64, resultCode byte, duration time.Duration)
+	ServerPayloadByNumberEvent(num uint64, resultCode byte, duration time.Duration)
+	PayloadsQuarantineSize(n int)
 }
 
 // Metrics tracks all the metrics for the kroma-node.
@@ -89,6 +92,12 @@ type Metrics struct {
 	SequencingErrors *EventMetrics
 	PublishingErrors *EventMetrics
 
+	P2PReqDurationSeconds *prometheus.HistogramVec
+	P2PReqTotal           *prometheus.CounterVec
+	P2PPayloadByNumber    *prometheus.GaugeVec
+
+	PayloadsQuarantineTotal prometheus.Gauge
+
 	ProposerInconsistentL1Origin *EventMetrics
 	ProposerResets               *EventMetrics
 
@@ -121,6 +130,8 @@ type Metrics struct {
 	GossipEventsTotal *prometheus.CounterVec
 	BandwidthTotal    *prometheus.GaugeVec
 
+	ChannelInputBytes prometheus.Counter
+
 	registry *prometheus.Registry
 	factory  metrics.Factory
 }
@@ -285,21 +296,24 @@ func NewMetrics(procName string) *Metrics {
 			Name:      "peer_count",
 			Help:      "Count of currently connected p2p peers",
 		}),
-		StreamCount: factory.NewGauge(prometheus.GaugeOpts{
-			Namespace: ns,
-			Subsystem: "p2p",
-			Name:      "stream_count",
-			Help:      "Count of currently connected p2p streams",
-		}),
+		// Notice: We cannot use peer ids as [Labels] in the GaugeVec
+		// since peer ids would open a service attack vector.
+		// Each peer id would be a separate metric, flooding prometheus.
+		//
+		// [Labels]: https://prometheus.io/docs/practices/naming/#labels
 		PeerScores: factory.NewGaugeVec(prometheus.GaugeOpts{
 			Namespace: ns,
 			Subsystem: "p2p",
 			Name:      "peer_scores",
-			Help:      "Peer scoring",
+			Help:      "Count of peer scores grouped by score",
 		}, []string{
-			// No label names here since peer ids would open a service attack vector.
-			// Each peer id would be a separate metric, flooding prometheus.
-			// See: https://prometheus.io/docs/practices/naming/#labels
+			"band",
+		}),
+		StreamCount: factory.NewGauge(prometheus.GaugeOpts{
+			Namespace: ns,
+			Subsystem: "p2p",
+			Name:      "stream_count",
+			Help:      "Count of currently connected p2p streams",
 		}),
 		GossipEventsTotal: factory.NewCounterVec(prometheus.CounterOpts{
 			Namespace: ns,
@@ -317,6 +331,49 @@ func NewMetrics(procName string) *Metrics {
 		}, []string{
 			"direction",
 		}),
+		ChannelInputBytes: factory.NewCounter(prometheus.CounterOpts{
+			Namespace: ns,
+			Name:      "channel_input_bytes",
+			Help:      "Number of compressed bytes added to the channel",
+		}),
+
+		P2PReqDurationSeconds: factory.NewHistogramVec(prometheus.HistogramOpts{
+			Namespace: ns,
+			Subsystem: "p2p",
+			Name:      "req_duration_seconds",
+			Buckets:   []float64{},
+			Help:      "Duration of P2P requests",
+		}, []string{
+			"p2p_role", // "client" or "server"
+			"p2p_method",
+			"result_code",
+		}),
+
+		P2PReqTotal: factory.NewCounterVec(prometheus.CounterOpts{
+			Namespace: ns,
+			Subsystem: "p2p",
+			Name:      "req_total",
+			Help:      "Number of P2P requests",
+		}, []string{
+			"p2p_role", // "client" or "server"
+			"p2p_method",
+			"result_code",
+		}),
+
+		P2PPayloadByNumber: factory.NewGaugeVec(prometheus.GaugeOpts{
+			Namespace: ns,
+			Subsystem: "p2p",
+			Name:      "payload_by_number",
+			Help:      "Payload by number requests",
+		}, []string{
+			"p2p_role", // "client" or "server"
+		}),
+		PayloadsQuarantineTotal: factory.NewGauge(prometheus.GaugeOpts{
+			Namespace: ns,
+			Subsystem: "p2p",
+			Name:      "payloads_quarantine_total",
+			Help:      "number of unverified execution payloads buffered in quarantine",
+		}),
 
 		ProposerBuildingDiffDurationSeconds: factory.NewHistogram(prometheus.HistogramOpts{
 			Namespace: ns,
@@ -348,6 +405,14 @@ func NewMetrics(procName string) *Metrics {
 	}
 }
 
+// SetPeerScores updates the peer score [prometheus.GaugeVec].
+// This takes a map of labels to scores.
+func (m *Metrics) SetPeerScores(scores map[string]float64) {
+	for label, score := range scores {
+		m.PeerScores.WithLabelValues(label).Set(score)
+	}
+}
+
 // RecordInfo sets a pseudo-metric that contains versioning and
 // config info for the kroma-node.
 func (m *Metrics) RecordInfo(version string) {
@@ -489,10 +554,6 @@ func (m *Metrics) RecordGossipEvent(evType int32) {
 	m.GossipEventsTotal.WithLabelValues(pb.TraceEvent_Type_name[evType]).Inc()
 }
 
-func (m *Metrics) RecordPeerScoring(peerID peer.ID, score float64) {
-	m.PeerScores.WithLabelValues(peerID.String()).Set(score)
-}
-
 func (m *Metrics) IncPeerCount() {
 	m.PeerCount.Inc()
 }
@@ -559,6 +620,31 @@ func (m *Metrics) Document() []metrics.DocumentedMetric {
 	return m.factory.Document()
 }
 
+func (m *Metrics) ClientPayloadByNumberEvent(num uint64, resultCode byte, duration time.Duration) {
+	if resultCode > 4 { // summarize all high codes to reduce metrics overhead
+		resultCode = 5
+	}
+	code := strconv.FormatUint(uint64(resultCode), 10)
+	m.P2PReqTotal.WithLabelValues("client", "payload_by_number", code).Inc()
+	m.P2PReqDurationSeconds.WithLabelValues("client", "payload_by_number", code).Observe(float64(duration) / float64(time.Second))
+	m.P2PPayloadByNumber.WithLabelValues("client").Set(float64(num))
+}
+
+func (m *Metrics) ServerPayloadByNumberEvent(num uint64, resultCode byte, duration time.Duration) {
+	code := strconv.FormatUint(uint64(resultCode), 10)
+	m.P2PReqTotal.WithLabelValues("server", "payload_by_number", code).Inc()
+	m.P2PReqDurationSeconds.WithLabelValues("server", "payload_by_number", code).Observe(float64(duration) / float64(time.Second))
+	m.P2PPayloadByNumber.WithLabelValues("server").Set(float64(num))
+}
+
+func (m *Metrics) PayloadsQuarantineSize(n int) {
+	m.PayloadsQuarantineTotal.Set(float64(n))
+}
+
+func (m *Metrics) RecordChannelInputBytes(inputCompressedBytes int) {
+	m.ChannelInputBytes.Add(float64(inputCompressedBytes))
+}
+
 type noopMetricer struct{}
 
 var NoopMetrics Metricer = new(noopMetricer)
@@ -625,7 +711,7 @@ func (n *noopMetricer) RecordProposerReset() {
 func (n *noopMetricer) RecordGossipEvent(evType int32) {
 }
 
-func (n *noopMetricer) RecordPeerScoring(peerID peer.ID, score float64) {
+func (n *noopMetricer) SetPeerScores(scores map[string]float64) {
 }
 
 func (n *noopMetricer) IncPeerCount() {
@@ -652,3 +738,15 @@ func (n *noopMetricer) RecordProposerSealingTime(duration time.Duration) {
 func (n *noopMetricer) Document() []metrics.DocumentedMetric {
 	return nil
 }
+
+func (n *noopMetricer) ClientPayloadByNumberEvent(num uint64, resultCode byte, duration time.Duration) {
+}
+
+func (n *noopMetricer) ServerPayloadByNumberEvent(num uint64, resultCode byte, duration time.Duration) {
+}
+
+func (n *noopMetricer) PayloadsQuarantineSize(int) {
+}
+
+func (n *noopMetricer) RecordChannelInputBytes(int) {
+}
diff --git a/components/node/node/client.go b/components/node/node/client.go
index 89e3217a4f..44fe34544c 100644
--- a/components/node/node/client.go
+++ b/components/node/node/client.go
@@ -4,23 +4,27 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"time"
 
 	"github.com/ethereum/go-ethereum/log"
 	gn "github.com/ethereum/go-ethereum/node"
 	"github.com/ethereum/go-ethereum/rpc"
 
 	"github.com/kroma-network/kroma/components/node/client"
+	"github.com/kroma-network/kroma/components/node/rollup"
 	"github.com/kroma-network/kroma/components/node/sources"
 )
 
 type L2EndpointSetup interface {
 	// Setup a RPC client to a L2 execution engine to process rollup blocks with.
-	Setup(ctx context.Context, log log.Logger) (cl client.RPC, err error)
+	Setup(ctx context.Context, log log.Logger, rollupCfg *rollup.Config) (cl client.RPC, rpcCfg *sources.EngineClientConfig, err error)
 	Check() error
 }
 
 type L2SyncEndpointSetup interface {
-	Setup(ctx context.Context, log log.Logger) (cl client.RPC, err error)
+	// Setup a RPC client to another L2 node to sync L2 blocks from.
+	// It may return a nil client with nil error if RPC based sync is not enabled.
+	Setup(ctx context.Context, log log.Logger, rollupCfg *rollup.Config) (cl client.RPC, rpcCfg *sources.SyncClientConfig, err error)
 	Check() error
 }
 
@@ -28,7 +32,8 @@ type L1EndpointSetup interface {
 	// Setup a RPC client to a L1 node to pull rollup input-data from.
 	// The results of the RPC client may be trusted for faster processing, or strictly validated.
 	// The kind of the RPC may be non-basic, to optimize RPC usage.
-	Setup(ctx context.Context, log log.Logger) (cl client.RPC, trust bool, kind sources.RPCProviderKind, err error)
+	Setup(ctx context.Context, log log.Logger, rollupCfg *rollup.Config) (cl client.RPC, rpcCfg *sources.L1ClientConfig, err error)
+	Check() error
 }
 
 type L2EndpointConfig struct {
@@ -49,17 +54,17 @@ func (cfg *L2EndpointConfig) Check() error {
 	return nil
 }
 
-func (cfg *L2EndpointConfig) Setup(ctx context.Context, log log.Logger) (client.RPC, error) {
+func (cfg *L2EndpointConfig) Setup(ctx context.Context, log log.Logger, rollupCfg *rollup.Config) (client.RPC, *sources.EngineClientConfig, error) {
 	if err := cfg.Check(); err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 	auth := rpc.WithHTTPAuth(gn.NewJWTAuth(cfg.L2EngineJWTSecret))
-	l2Node, err := client.NewRPC(ctx, log, cfg.L2EngineAddr, auth)
+	l2Node, err := client.NewRPC(ctx, log, cfg.L2EngineAddr, client.WithGethRPCOptions(auth))
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 
-	return l2Node, nil
+	return l2Node, sources.EngineClientDefaultConfig(rollupCfg), nil
 }
 
 // PreparedL2Endpoints enables testing with in-process pre-setup RPC connections to L2 engines
@@ -76,51 +81,51 @@ func (p *PreparedL2Endpoints) Check() error {
 
 var _ L2EndpointSetup = (*PreparedL2Endpoints)(nil)
 
-func (p *PreparedL2Endpoints) Setup(ctx context.Context, log log.Logger) (client.RPC, error) {
-	return p.Client, nil
+func (p *PreparedL2Endpoints) Setup(ctx context.Context, log log.Logger, rollupCfg *rollup.Config) (client.RPC, *sources.EngineClientConfig, error) {
+	return p.Client, sources.EngineClientDefaultConfig(rollupCfg), nil
 }
 
 // L2SyncEndpointConfig contains configuration for the fallback sync endpoint
 type L2SyncEndpointConfig struct {
-	// Address of the L2 RPC to use for backup sync
+	// Address of the L2 RPC to use for backup sync, may be empty if RPC alt-sync is disabled.
 	L2NodeAddr string
+	TrustRPC   bool
 }
 
 var _ L2SyncEndpointSetup = (*L2SyncEndpointConfig)(nil)
 
-func (cfg *L2SyncEndpointConfig) Setup(ctx context.Context, log log.Logger) (client.RPC, error) {
+// Setup creates an RPC client to sync from.
+// It will return nil without error if no sync method is configured.
+func (cfg *L2SyncEndpointConfig) Setup(ctx context.Context, log log.Logger, rollupCfg *rollup.Config) (client.RPC, *sources.SyncClientConfig, error) {
+	if cfg.L2NodeAddr == "" {
+		return nil, nil, nil
+	}
 	l2Node, err := client.NewRPC(ctx, log, cfg.L2NodeAddr)
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 
-	return l2Node, nil
+	return l2Node, sources.SyncClientDefaultConfig(rollupCfg, cfg.TrustRPC), nil
 }
 
 func (cfg *L2SyncEndpointConfig) Check() error {
-	if cfg.L2NodeAddr == "" {
-		return errors.New("empty L2 Node Address")
-	}
-
+	// empty addr is valid, as it is optional.
 	return nil
 }
 
-type L2SyncRPCConfig struct {
-	// RPC endpoint to use for syncing
-	Rpc client.RPC
+type PreparedL2SyncEndpoint struct {
+	// RPC endpoint to use for syncing, may be nil if RPC alt-sync is disabled.
+	Client   client.RPC
+	TrustRPC bool
 }
 
-var _ L2SyncEndpointSetup = (*L2SyncRPCConfig)(nil)
+var _ L2SyncEndpointSetup = (*PreparedL2SyncEndpoint)(nil)
 
-func (cfg *L2SyncRPCConfig) Setup(ctx context.Context, log log.Logger) (client.RPC, error) {
-	return cfg.Rpc, nil
+func (cfg *PreparedL2SyncEndpoint) Setup(ctx context.Context, log log.Logger, rollupCfg *rollup.Config) (client.RPC, *sources.SyncClientConfig, error) {
+	return cfg.Client, sources.SyncClientDefaultConfig(rollupCfg, cfg.TrustRPC), nil
 }
 
-func (cfg *L2SyncRPCConfig) Check() error {
-	if cfg.Rpc == nil {
-		return errors.New("rpc cannot be nil")
-	}
-
+func (cfg *PreparedL2SyncEndpoint) Check() error {
 	return nil
 }
 
@@ -135,16 +140,48 @@ type L1EndpointConfig struct {
 	// L1RPCKind identifies the RPC provider kind that serves the RPC,
 	// to inform the optimal usage of the RPC for transaction receipts fetching.
 	L1RPCKind sources.RPCProviderKind
+
+	// RateLimit specifies a self-imposed rate-limit on L1 requests. 0 is no rate-limit.
+	RateLimit float64
+
+	// BatchSize specifies the maximum batch-size, which also applies as L1 rate-limit burst amount (if set).
+	BatchSize int
+
+	// HttpPollInterval specifies the interval between polling for the latest L1 block,
+	// when the RPC is detected to be an HTTP type.
+	// It is recommended to use websockets or IPC for efficient following of the changing block.
+	// Setting this to 0 disables polling.
+	HttpPollInterval time.Duration
 }
 
 var _ L1EndpointSetup = (*L1EndpointConfig)(nil)
 
-func (cfg *L1EndpointConfig) Setup(ctx context.Context, log log.Logger) (cl client.RPC, trust bool, kind sources.RPCProviderKind, err error) {
-	l1Node, err := client.NewRPC(ctx, log, cfg.L1NodeAddr)
+func (cfg *L1EndpointConfig) Check() error {
+	if cfg.BatchSize < 1 || cfg.BatchSize > 500 {
+		return fmt.Errorf("batch size is invalid or unreasonable: %d", cfg.BatchSize)
+	}
+	if cfg.RateLimit < 0 {
+		return fmt.Errorf("rate limit cannot be negative")
+	}
+	return nil
+}
+
+func (cfg *L1EndpointConfig) Setup(ctx context.Context, log log.Logger, rollupCfg *rollup.Config) (client.RPC, *sources.L1ClientConfig, error) {
+	opts := []client.RPCOption{
+		client.WithHttpPollInterval(cfg.HttpPollInterval),
+		client.WithDialBackoff(10),
+	}
+	if cfg.RateLimit != 0 {
+		opts = append(opts, client.WithRateLimit(cfg.RateLimit, cfg.BatchSize))
+	}
+
+	l1Node, err := client.NewRPC(ctx, log, cfg.L1NodeAddr, opts...)
 	if err != nil {
-		return nil, false, sources.RPCKindBasic, fmt.Errorf("failed to dial L1 address (%s): %w", cfg.L1NodeAddr, err)
+		return nil, nil, fmt.Errorf("failed to dial L1 address (%s): %w", cfg.L1NodeAddr, err)
 	}
-	return l1Node, cfg.L1TrustRPC, cfg.L1RPCKind, nil
+	rpcCfg := sources.L1ClientDefaultConfig(rollupCfg, cfg.L1TrustRPC, cfg.L1RPCKind)
+	rpcCfg.MaxRequestsPerBatch = cfg.BatchSize
+	return l1Node, rpcCfg, nil
 }
 
 // PreparedL1Endpoint enables testing with an in-process pre-setup RPC connection to L1
@@ -156,6 +193,14 @@ type PreparedL1Endpoint struct {
 
 var _ L1EndpointSetup = (*PreparedL1Endpoint)(nil)
 
-func (p *PreparedL1Endpoint) Setup(ctx context.Context, log log.Logger) (cl client.RPC, trust bool, kind sources.RPCProviderKind, err error) {
-	return p.Client, p.TrustRPC, p.RPCProviderKind, nil
+func (p *PreparedL1Endpoint) Setup(ctx context.Context, log log.Logger, rollupCfg *rollup.Config) (client.RPC, *sources.L1ClientConfig, error) {
+	return p.Client, sources.L1ClientDefaultConfig(rollupCfg, p.TrustRPC, p.RPCProviderKind), nil
+}
+
+func (cfg *PreparedL1Endpoint) Check() error {
+	if cfg.Client == nil {
+		return errors.New("rpc client cannot be nil")
+	}
+
+	return nil
 }
diff --git a/components/node/node/config.go b/components/node/node/config.go
index fab2b9559b..087d76c4ae 100644
--- a/components/node/node/config.go
+++ b/components/node/node/config.go
@@ -80,6 +80,9 @@ func (cfg *Config) Check() error {
 	if err := cfg.L2.Check(); err != nil {
 		return fmt.Errorf("l2 endpoint config error: %w", err)
 	}
+	if err := cfg.L2Sync.Check(); err != nil {
+		return fmt.Errorf("sync config error: %w", err)
+	}
 	if err := cfg.Rollup.Check(); err != nil {
 		return fmt.Errorf("rollup config error: %w", err)
 	}
diff --git a/components/node/node/node.go b/components/node/node/node.go
index 2669c447df..83b5778fa3 100644
--- a/components/node/node/node.go
+++ b/components/node/node/node.go
@@ -32,6 +32,7 @@ type KromaNode struct {
 	l1Source  *sources.L1Client     // L1 Client to fetch data from
 	l2Driver  *driver.Driver        // L2 Engine to Sync
 	l2Source  *sources.EngineClient // L2 Execution Engine RPC bindings
+	rpcSync   *sources.SyncClient   // Alt-sync RPC client, optional (may be nil)
 	server    *rpcServer            // RPC server hosting the rollup-node API
 	p2pNode   *p2p.NodeP2P          // P2P node functionality
 	p2pSigner p2p.Signer            // p2p gossip application messages will be signed with this signer
@@ -85,6 +86,9 @@ func (n *KromaNode) init(ctx context.Context, cfg *Config, snapshotLog log.Logge
 	if err := n.initL2(ctx, cfg, snapshotLog); err != nil {
 		return err
 	}
+	if err := n.initRPCSync(ctx, cfg); err != nil {
+		return err
+	}
 	if err := n.initP2PSigner(ctx, cfg); err != nil {
 		return err
 	}
@@ -111,14 +115,13 @@ func (n *KromaNode) initTracer(ctx context.Context, cfg *Config) error {
 }
 
 func (n *KromaNode) initL1(ctx context.Context, cfg *Config) error {
-	l1Node, trustRPC, rpcProvKind, err := cfg.L1.Setup(ctx, n.log)
+	l1Node, rpcCfg, err := cfg.L1.Setup(ctx, n.log, &cfg.Rollup)
 	if err != nil {
 		return fmt.Errorf("failed to get L1 RPC client: %w", err)
 	}
 
 	n.l1Source, err = sources.NewL1Client(
-		client.NewInstrumentedRPC(l1Node, n.metrics), n.log, n.metrics.L1SourceCache,
-		sources.L1ClientDefaultConfig(&cfg.Rollup, trustRPC, rpcProvKind))
+		client.NewInstrumentedRPC(l1Node, n.metrics), n.log, n.metrics.L1SourceCache, rpcCfg)
 	if err != nil {
 		return fmt.Errorf("failed to create L1 source: %w", err)
 	}
@@ -179,14 +182,13 @@ func (n *KromaNode) initRuntimeConfig(ctx context.Context, cfg *Config) error {
 }
 
 func (n *KromaNode) initL2(ctx context.Context, cfg *Config, snapshotLog log.Logger) error {
-	rpcClient, err := cfg.L2.Setup(ctx, n.log)
+	rpcClient, rpcCfg, err := cfg.L2.Setup(ctx, n.log, &cfg.Rollup)
 	if err != nil {
 		return fmt.Errorf("failed to setup L2 execution-engine RPC client: %w", err)
 	}
 
 	n.l2Source, err = sources.NewEngineClient(
-		client.NewInstrumentedRPC(rpcClient, n.metrics), n.log, n.metrics.L2SourceCache,
-		sources.EngineClientDefaultConfig(&cfg.Rollup),
+		client.NewInstrumentedRPC(rpcClient, n.metrics), n.log, n.metrics.L2SourceCache, rpcCfg,
 	)
 	if err != nil {
 		return fmt.Errorf("failed to create Engine client: %w", err)
@@ -196,29 +198,24 @@ func (n *KromaNode) initL2(ctx context.Context, cfg *Config, snapshotLog log.Log
 		return err
 	}
 
-	var syncClient *sources.SyncClient
-	// If the L2 sync config is present, use it to create a sync client
-	if cfg.L2Sync != nil {
-		if err := cfg.L2Sync.Check(); err != nil {
-			log.Info("L2 sync config is not present, skipping L2 sync client setup", "err", err)
-		} else {
-			rpcSyncClient, err := cfg.L2Sync.Setup(ctx, n.log)
-			if err != nil {
-				return fmt.Errorf("failed to setup L2 execution-engine RPC client for backup sync: %w", err)
-			}
+	n.l2Driver = driver.NewDriver(&cfg.Driver, &cfg.Rollup, n.l2Source, n.l1Source, n, n, n.log, snapshotLog, n.metrics)
 
-			// The sync client's RPC is always trusted
-			config := sources.SyncClientDefaultConfig(&cfg.Rollup, true)
+	return nil
+}
 
-			syncClient, err = sources.NewSyncClient(n.OnUnsafeL2Payload, rpcSyncClient, n.log, n.metrics.L2SourceCache, config)
-			if err != nil {
-				return fmt.Errorf("failed to create sync client: %w", err)
-			}
-		}
+func (n *KromaNode) initRPCSync(ctx context.Context, cfg *Config) error {
+	rpcSyncClient, rpcCfg, err := cfg.L2Sync.Setup(ctx, n.log, &cfg.Rollup)
+	if err != nil {
+		return fmt.Errorf("failed to setup L2 execution-engine RPC client for backup sync: %w", err)
 	}
-
-	n.l2Driver = driver.NewDriver(&cfg.Driver, &cfg.Rollup, n.l2Source, n.l1Source, syncClient, n, n.log, snapshotLog, n.metrics)
-
+	if rpcSyncClient == nil { // if no RPC client is configured to sync from, then don't add the RPC sync client
+		return nil
+	}
+	syncClient, err := sources.NewSyncClient(n.OnUnsafeL2Payload, rpcSyncClient, n.log, n.metrics.L2SourceCache, rpcCfg)
+	if err != nil {
+		return fmt.Errorf("failed to create sync client: %w", err)
+	}
+	n.rpcSync = syncClient
 	return nil
 }
 
@@ -258,7 +255,7 @@ func (n *KromaNode) initMetricsServer(ctx context.Context, cfg *Config) error {
 
 func (n *KromaNode) initP2P(ctx context.Context, cfg *Config) error {
 	if cfg.P2P != nil {
-		p2pNode, err := p2p.NewNodeP2P(n.resourcesCtx, &cfg.Rollup, n.log, cfg.P2P, n, n.runCfg, n.metrics)
+		p2pNode, err := p2p.NewNodeP2P(n.resourcesCtx, &cfg.Rollup, n.log, cfg.P2P, n, n.l2Source, n.runCfg, n.metrics)
 		if err != nil || p2pNode == nil {
 			return err
 		}
@@ -291,11 +288,12 @@ func (n *KromaNode) Start(ctx context.Context) error {
 	}
 
 	// If the backup unsafe sync client is enabled, start its event loop
-	if n.l2Driver.L2SyncCl != nil {
-		if err := n.l2Driver.L2SyncCl.Start(); err != nil {
+	if n.rpcSync != nil {
+		if err := n.rpcSync.Start(); err != nil {
 			n.log.Error("Could not start the backup sync client", "err", err)
 			return err
 		}
+		n.log.Info("Started L2-RPC sync service")
 	}
 
 	return nil
@@ -374,6 +372,17 @@ func (n *KromaNode) OnUnsafeL2Payload(ctx context.Context, from peer.ID, payload
 	return nil
 }
 
+func (n *KromaNode) RequestL2Range(ctx context.Context, start, end eth.L2BlockRef) error {
+	if n.rpcSync != nil {
+		return n.rpcSync.RequestL2Range(ctx, start, end)
+	}
+	if n.p2pNode != nil && n.p2pNode.AltSyncEnabled() {
+		return n.p2pNode.RequestL2Range(ctx, start, end)
+	}
+	n.log.Debug("ignoring request to sync L2 range, no sync method available", "start", start, "end", end)
+	return nil
+}
+
 func (n *KromaNode) P2P() p2p.Node {
 	return n.p2pNode
 }
@@ -412,8 +421,8 @@ func (n *KromaNode) Close() error {
 		}
 
 		// If the L2 sync client is present & running, close it.
-		if n.l2Driver.L2SyncCl != nil {
-			if err := n.l2Driver.L2SyncCl.Close(); err != nil {
+		if n.rpcSync != nil {
+			if err := n.rpcSync.Close(); err != nil {
 				result = multierror.Append(result, fmt.Errorf("failed to close L2 engine backup sync client cleanly: %w", err))
 			}
 		}
diff --git a/components/node/node/server_test.go b/components/node/node/server_test.go
index 50e405daa4..a4ae86bfdd 100644
--- a/components/node/node/server_test.go
+++ b/components/node/node/server_test.go
@@ -145,7 +145,7 @@ func TestOutputAtBlock(t *testing.T) {
 	require.NoError(t, server.Start())
 	defer server.Stop()
 
-	client, err := rpcclient.DialRPCClientWithBackoff(context.Background(), log, "http://"+server.Addr().String())
+	client, err := rpcclient.NewRPC(context.Background(), log, "http://"+server.Addr().String(), rpcclient.WithDialBackoff(3))
 	require.NoError(t, err)
 
 	var out *eth.OutputResponse
@@ -177,7 +177,7 @@ func TestVersion(t *testing.T) {
 	assert.NoError(t, server.Start())
 	defer server.Stop()
 
-	client, err := rpcclient.DialRPCClientWithBackoff(context.Background(), log, "http://"+server.Addr().String())
+	client, err := rpcclient.NewRPC(context.Background(), log, "http://"+server.Addr().String(), rpcclient.WithDialBackoff(3))
 	assert.NoError(t, err)
 
 	var out string
@@ -196,6 +196,7 @@ func randomSyncStatus(rng *rand.Rand) *eth.SyncStatus {
 		UnsafeL2:           testutils.RandomL2BlockRef(rng),
 		SafeL2:             testutils.RandomL2BlockRef(rng),
 		FinalizedL2:        testutils.RandomL2BlockRef(rng),
+		UnsafeL2SyncTarget: testutils.RandomL2BlockRef(rng),
 	}
 }
 
@@ -219,7 +220,7 @@ func TestSyncStatus(t *testing.T) {
 	assert.NoError(t, server.Start())
 	defer server.Stop()
 
-	client, err := rpcclient.DialRPCClientWithBackoff(context.Background(), log, "http://"+server.Addr().String())
+	client, err := rpcclient.NewRPC(context.Background(), log, "http://"+server.Addr().String(), rpcclient.WithDialBackoff(3))
 	assert.NoError(t, err)
 
 	var out *eth.SyncStatus
diff --git a/components/node/p2p/band_scorer_test.go b/components/node/p2p/band_scorer_test.go
new file mode 100644
index 0000000000..fc31332994
--- /dev/null
+++ b/components/node/p2p/band_scorer_test.go
@@ -0,0 +1,83 @@
+package p2p
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+// TestBandScorer_ParseDefault tests the [BandScorer.Parse] function
+// on the default band scores cli flag value.
+func TestBandScorer_ParseDefault(t *testing.T) {
+	// Create a new band scorer.
+	bandScorer, err := NewBandScorer("-40:graylist;-20:restricted;0:nopx;20:friend;")
+	require.NoError(t, err)
+
+	// Validate the [BandScorer] internals.
+	require.ElementsMatch(t, bandScorer.bands, []scorePair{
+		{band: "graylist", threshold: -40},
+		{band: "restricted", threshold: -20},
+		{band: "nopx", threshold: 0},
+		{band: "friend", threshold: 20},
+	})
+}
+
+// TestBandScorer_BucketCorrectly tests the [BandScorer.Bucket] function
+// on a variety of scores.
+func TestBandScorer_BucketCorrectly(t *testing.T) {
+	// Create a new band scorer.
+	bandScorer, err := NewBandScorer("-40:graylist;-20:restricted;0:nopx;20:friend;")
+	require.NoError(t, err)
+
+	// Validate the [BandScorer] internals.
+	require.Equal(t, bandScorer.Bucket(-100), "graylist")
+	require.Equal(t, bandScorer.Bucket(-40), "graylist")
+	require.Equal(t, bandScorer.Bucket(-39), "restricted")
+	require.Equal(t, bandScorer.Bucket(-20), "restricted")
+	require.Equal(t, bandScorer.Bucket(-19), "nopx")
+	require.Equal(t, bandScorer.Bucket(0), "nopx")
+	require.Equal(t, bandScorer.Bucket(1), "friend")
+	require.Equal(t, bandScorer.Bucket(20), "friend")
+	require.Equal(t, bandScorer.Bucket(21), "friend")
+}
+
+// TestBandScorer_BucketInverted tests the [BandScorer.Bucket] function
+// on a variety of scores, in descending order.
+func TestBandScorer_BucketInverted(t *testing.T) {
+	// Create a new band scorer.
+	bandScorer, err := NewBandScorer("20:friend;0:nopx;-20:restricted;-40:graylist;")
+	require.NoError(t, err)
+
+	// Validate the [BandScorer] internals.
+	require.Equal(t, bandScorer.Bucket(-100), "graylist")
+	require.Equal(t, bandScorer.Bucket(-40), "graylist")
+	require.Equal(t, bandScorer.Bucket(-39), "restricted")
+	require.Equal(t, bandScorer.Bucket(-20), "restricted")
+	require.Equal(t, bandScorer.Bucket(-19), "nopx")
+	require.Equal(t, bandScorer.Bucket(0), "nopx")
+	require.Equal(t, bandScorer.Bucket(1), "friend")
+	require.Equal(t, bandScorer.Bucket(20), "friend")
+	require.Equal(t, bandScorer.Bucket(21), "friend")
+}
+
+// TestBandScorer_ParseEmpty tests the [BandScorer.Parse] function
+// on an empty string.
+func TestBandScorer_ParseEmpty(t *testing.T) {
+	// Create a band scorer on an empty string.
+	bandScorer, err := NewBandScorer("")
+	require.NoError(t, err)
+
+	// Validate the [BandScorer] internals.
+	require.Len(t, bandScorer.bands, 0)
+}
+
+// TestBandScorer_ParseWhitespace tests the [BandScorer.Parse] function
+// on a variety of whitespaced strings.
+func TestBandScorer_ParseWhitespace(t *testing.T) {
+	// Create a band scorer on an empty string.
+	bandScorer, err := NewBandScorer("  ;  ;  ;  ")
+	require.NoError(t, err)
+
+	// Validate the [BandScorer] internals.
+	require.Len(t, bandScorer.bands, 0)
+}
diff --git a/components/node/p2p/cli/load_config.go b/components/node/p2p/cli/load_config.go
index 6ac30cd0f7..df68fdc11a 100644
--- a/components/node/p2p/cli/load_config.go
+++ b/components/node/p2p/cli/load_config.go
@@ -56,6 +56,10 @@ func NewConfig(ctx *cli.Context, blockTime uint64) (*p2p.Config, error) {
 		return nil, fmt.Errorf("failed to load p2p peer scoring options: %w", err)
 	}
 
+	if err := loadPeerScoreBands(conf, ctx); err != nil {
+		return nil, fmt.Errorf("failed to load p2p peer score bands: %w", err)
+	}
+
 	if err := loadBanningOption(conf, ctx); err != nil {
 		return nil, fmt.Errorf("failed to load banning option: %w", err)
 	}
@@ -67,6 +71,8 @@ func NewConfig(ctx *cli.Context, blockTime uint64) (*p2p.Config, error) {
 	conf.ConnGater = p2p.DefaultConnGater
 	conf.ConnMngr = p2p.DefaultConnManager
 
+	conf.EnableReqRespSync = ctx.GlobalBool(flags.SyncReqRespFlag.Name)
+
 	return conf, nil
 }
 
@@ -119,6 +125,17 @@ func loadPeerScoringParams(conf *p2p.Config, ctx *cli.Context, blockTime uint64)
 	return nil
 }
 
+// loadPeerScoreBands loads [p2p.BandScorer] from the CLI context.
+func loadPeerScoreBands(conf *p2p.Config, ctx *cli.Context) error {
+	scoreBands := ctx.GlobalString(flags.PeerScoreBands.Name)
+	bandScorer, err := p2p.NewBandScorer(scoreBands)
+	if err != nil {
+		return err
+	}
+	conf.BandScoreThresholds = *bandScorer
+	return nil
+}
+
 // loadBanningOption loads whether or not to ban peers from the CLI context.
 func loadBanningOption(conf *p2p.Config, ctx *cli.Context) error {
 	ban := ctx.GlobalBool(flags.Banning.Name)
diff --git a/components/node/p2p/config.go b/components/node/p2p/config.go
index 788e65f56f..8dff94259b 100644
--- a/components/node/p2p/config.go
+++ b/components/node/p2p/config.go
@@ -37,6 +37,7 @@ type SetupP2P interface {
 	Discovery(log log.Logger, rollupCfg *rollup.Config, tcpPort uint16) (*enode.LocalNode, *discover.UDPv5, error)
 	TargetPeers() uint
 	GossipSetupConfigurables
+	ReqRespSyncEnabled() bool
 }
 
 // Config sets up a p2p host and discv5 service from configuration.
@@ -47,10 +48,16 @@ type Config struct {
 	DisableP2P  bool
 	NoDiscovery bool
 
+	// Enable P2P-based alt-syncing method (req-resp protocol, not gossip)
+	AltSync bool
+
 	// Pubsub Scoring Parameters
 	PeerScoring  pubsub.PeerScoreParams
 	TopicScoring pubsub.TopicScoreParams
 
+	// Peer Score Band Thresholds
+	BandScoreThresholds BandScoreThresholds
+
 	// Whether to ban peers based on their [PeerScoring] score.
 	BanningEnabled bool
 
@@ -98,6 +105,8 @@ type Config struct {
 
 	ConnGater func(conf *Config) (connmgr.ConnectionGater, error)
 	ConnMngr  func(conf *Config) (connmgr.ConnManager, error)
+
+	EnableReqRespSync bool
 }
 
 //go:generate mockery --name ConnectionGater
@@ -148,6 +157,10 @@ func (conf *Config) PeerScoringParams() *pubsub.PeerScoreParams {
 	return &conf.PeerScoring
 }
 
+func (conf *Config) PeerBandScorer() *BandScoreThresholds {
+	return &conf.BandScoreThresholds
+}
+
 func (conf *Config) BanPeers() bool {
 	return conf.BanningEnabled
 }
@@ -156,6 +169,10 @@ func (conf *Config) TopicScoringParams() *pubsub.TopicScoreParams {
 	return &conf.TopicScoring
 }
 
+func (conf *Config) ReqRespSyncEnabled() bool {
+	return conf.EnableReqRespSync
+}
+
 const maxMeshParam = 1000
 
 func (conf *Config) Check() error {
diff --git a/components/node/p2p/gossip.go b/components/node/p2p/gossip.go
index 0041e2375c..a2e898e665 100644
--- a/components/node/p2p/gossip.go
+++ b/components/node/p2p/gossip.go
@@ -54,6 +54,7 @@ type GossipSetupConfigurables interface {
 	TopicScoringParams() *pubsub.TopicScoreParams
 	BanPeers() bool
 	ConfigureGossip(params *pubsub.GossipSubParams) []pubsub.Option
+	PeerBandScorer() *BandScoreThresholds
 }
 
 type GossipRuntimeConfig interface {
@@ -63,7 +64,8 @@ type GossipRuntimeConfig interface {
 //go:generate mockery --name GossipMetricer
 type GossipMetricer interface {
 	RecordGossipEvent(evType int32)
-	RecordPeerScoring(peerID peer.ID, score float64)
+	// Peer Scoring Metric Funcs
+	SetPeerScores(map[string]float64)
 }
 
 func blocksTopicV1(cfg *rollup.Config) string {
@@ -335,23 +337,15 @@ func BuildBlocksValidator(log log.Logger, cfg *rollup.Config, runCfg GossipRunti
 }
 
 func verifyBlockSignature(log log.Logger, cfg *rollup.Config, runCfg GossipRuntimeConfig, id peer.ID, signatureBytes []byte, payloadBytes []byte) pubsub.ValidationResult {
-	return verifyBlockSignatureWithHasher(log, cfg, runCfg, id, signatureBytes, payloadBytes, BlockSigningHash)
-}
-
-func verifyBlockSignatureWithHasher(log log.Logger, cfg *rollup.Config, runCfg GossipRuntimeConfig, id peer.ID, signatureBytes []byte, payloadBytes []byte, hasher func(cfg *rollup.Config, payloadBytes []byte) (common.Hash, error)) pubsub.ValidationResult {
-	signingHash, err := hasher(cfg, payloadBytes)
+	signingHash, err := BlockSigningHash(cfg, payloadBytes)
 	if err != nil {
-		if log != nil {
-			log.Warn("failed to compute block signing hash", "err", err, "peer", id)
-		}
+		log.Warn("failed to compute block signing hash", "err", err, "peer", id)
 		return pubsub.ValidationReject
 	}
 
 	pub, err := crypto.SigToPub(signingHash[:], signatureBytes)
 	if err != nil {
-		if log != nil {
-			log.Warn("invalid block signature", "err", err, "peer", id)
-		}
+		log.Warn("invalid block signature", "err", err, "peer", id)
 		return pubsub.ValidationReject
 	}
 	addr := crypto.PubkeyToAddress(*pub)
@@ -362,14 +356,10 @@ func verifyBlockSignatureWithHasher(log log.Logger, cfg *rollup.Config, runCfg G
 	// This means we may drop old payloads upon key rotation,
 	// but this can be recovered from like any other missed unsafe payload.
 	if expected := runCfg.P2PProposerAddress(); expected == (common.Address{}) {
-		if log != nil {
-			log.Warn("no configured p2p sequencer address, ignoring gossiped block", "peer", id, "addr", addr)
-		}
+		log.Warn("no configured p2p sequencer address, ignoring gossiped block", "peer", id, "addr", addr)
 		return pubsub.ValidationIgnore
 	} else if addr != expected {
-		if log != nil {
-			log.Warn("unexpected block author", "err", err, "peer", id, "addr", addr, "expected", expected)
-		}
+		log.Warn("unexpected block author", "err", err, "peer", id, "addr", addr, "expected", expected)
 		return pubsub.ValidationReject
 	}
 	return pubsub.ValidationAccept
diff --git a/components/node/p2p/gossip_test.go b/components/node/p2p/gossip_test.go
index bed891e911..b8aefb2cc8 100644
--- a/components/node/p2p/gossip_test.go
+++ b/components/node/p2p/gossip_test.go
@@ -2,7 +2,6 @@ package p2p
 
 import (
 	"context"
-	"crypto/ecdsa"
 	"math/big"
 	"testing"
 
@@ -41,17 +40,6 @@ func TestGuardGossipValidator(t *testing.T) {
 }
 
 func TestVerifyBlockSignature(t *testing.T) {
-	// Should accept signatures over both the legacy and updated signature hashes
-	tests := []struct {
-		name      string
-		newSigner func(priv *ecdsa.PrivateKey) *LocalSigner
-	}{
-		{
-			name:      "Updated",
-			newSigner: NewLocalSigner,
-		},
-	}
-
 	logger := testlog.Logger(t, log.LvlCrit)
 	cfg := &rollup.Config{
 		L2ChainID: big.NewInt(100),
@@ -61,39 +49,37 @@ func TestVerifyBlockSignature(t *testing.T) {
 	require.NoError(t, err)
 	msg := []byte("any msg")
 
-	for _, test := range tests {
-		t.Run("Valid "+test.name, func(t *testing.T) {
-			runCfg := &testutils.MockRuntimeConfig{P2PPropAddress: crypto.PubkeyToAddress(secrets.ProposerP2P.PublicKey)}
-			signer := &PreparedSigner{Signer: test.newSigner(secrets.ProposerP2P)}
-			sig, err := signer.Sign(context.Background(), SigningDomainBlocksV1, cfg.L2ChainID, msg)
-			require.NoError(t, err)
-			result := verifyBlockSignature(logger, cfg, runCfg, peerId, sig[:65], msg)
-			require.Equal(t, pubsub.ValidationAccept, result)
-		})
+	t.Run("Valid", func(t *testing.T) {
+		runCfg := &testutils.MockRuntimeConfig{P2PPropAddress: crypto.PubkeyToAddress(secrets.ProposerP2P.PublicKey)}
+		signer := &PreparedSigner{Signer: NewLocalSigner(secrets.ProposerP2P)}
+		sig, err := signer.Sign(context.Background(), SigningDomainBlocksV1, cfg.L2ChainID, msg)
+		require.NoError(t, err)
+		result := verifyBlockSignature(logger, cfg, runCfg, peerId, sig[:65], msg)
+		require.Equal(t, pubsub.ValidationAccept, result)
+	})
 
-		t.Run("WrongSigner "+test.name, func(t *testing.T) {
-			runCfg := &testutils.MockRuntimeConfig{P2PPropAddress: common.HexToAddress("0x1234")}
-			signer := &PreparedSigner{Signer: test.newSigner(secrets.ProposerP2P)}
-			sig, err := signer.Sign(context.Background(), SigningDomainBlocksV1, cfg.L2ChainID, msg)
-			require.NoError(t, err)
-			result := verifyBlockSignature(logger, cfg, runCfg, peerId, sig[:65], msg)
-			require.Equal(t, pubsub.ValidationReject, result)
-		})
+	t.Run("WrongSigner", func(t *testing.T) {
+		runCfg := &testutils.MockRuntimeConfig{P2PPropAddress: common.HexToAddress("0x1234")}
+		signer := &PreparedSigner{Signer: NewLocalSigner(secrets.ProposerP2P)}
+		sig, err := signer.Sign(context.Background(), SigningDomainBlocksV1, cfg.L2ChainID, msg)
+		require.NoError(t, err)
+		result := verifyBlockSignature(logger, cfg, runCfg, peerId, sig[:65], msg)
+		require.Equal(t, pubsub.ValidationReject, result)
+	})
 
-		t.Run("InvalidSignature "+test.name, func(t *testing.T) {
-			runCfg := &testutils.MockRuntimeConfig{P2PPropAddress: crypto.PubkeyToAddress(secrets.ProposerP2P.PublicKey)}
-			sig := make([]byte, 65)
-			result := verifyBlockSignature(logger, cfg, runCfg, peerId, sig, msg)
-			require.Equal(t, pubsub.ValidationReject, result)
-		})
+	t.Run("InvalidSignature", func(t *testing.T) {
+		runCfg := &testutils.MockRuntimeConfig{P2PPropAddress: crypto.PubkeyToAddress(secrets.ProposerP2P.PublicKey)}
+		sig := make([]byte, 65)
+		result := verifyBlockSignature(logger, cfg, runCfg, peerId, sig, msg)
+		require.Equal(t, pubsub.ValidationReject, result)
+	})
 
-		t.Run("NoProposer "+test.name, func(t *testing.T) {
-			runCfg := &testutils.MockRuntimeConfig{}
-			signer := &PreparedSigner{Signer: test.newSigner(secrets.ProposerP2P)}
-			sig, err := signer.Sign(context.Background(), SigningDomainBlocksV1, cfg.L2ChainID, msg)
-			require.NoError(t, err)
-			result := verifyBlockSignature(logger, cfg, runCfg, peerId, sig[:65], msg)
-			require.Equal(t, pubsub.ValidationIgnore, result)
-		})
-	}
+	t.Run("NoProposer", func(t *testing.T) {
+		runCfg := &testutils.MockRuntimeConfig{}
+		signer := &PreparedSigner{Signer: NewLocalSigner(secrets.ProposerP2P)}
+		sig, err := signer.Sign(context.Background(), SigningDomainBlocksV1, cfg.L2ChainID, msg)
+		require.NoError(t, err)
+		result := verifyBlockSignature(logger, cfg, runCfg, peerId, sig[:65], msg)
+		require.Equal(t, pubsub.ValidationIgnore, result)
+	})
 }
diff --git a/components/node/p2p/host_test.go b/components/node/p2p/host_test.go
index f9595b5f41..5f44b1f6ef 100644
--- a/components/node/p2p/host_test.go
+++ b/components/node/p2p/host_test.go
@@ -25,6 +25,7 @@ import (
 	slices "golang.org/x/exp/slices"
 
 	"github.com/kroma-network/kroma/components/node/eth"
+	"github.com/kroma-network/kroma/components/node/metrics"
 	"github.com/kroma-network/kroma/components/node/rollup"
 	"github.com/kroma-network/kroma/components/node/testlog"
 	"github.com/kroma-network/kroma/components/node/testutils"
@@ -124,7 +125,7 @@ func TestP2PFull(t *testing.T) {
 	runCfgB := &testutils.MockRuntimeConfig{P2PPropAddress: common.Address{0x42}}
 
 	logA := testlog.Logger(t, log.LvlError).New("host", "A")
-	nodeA, err := NewNodeP2P(context.Background(), &rollup.Config{}, logA, &confA, &mockGossipIn{}, runCfgA, nil)
+	nodeA, err := NewNodeP2P(context.Background(), &rollup.Config{}, logA, &confA, &mockGossipIn{}, nil, runCfgA, metrics.NoopMetrics)
 	require.NoError(t, err)
 	defer nodeA.Close()
 
@@ -147,7 +148,7 @@ func TestP2PFull(t *testing.T) {
 
 	logB := testlog.Logger(t, log.LvlError).New("host", "B")
 
-	nodeB, err := NewNodeP2P(context.Background(), &rollup.Config{}, logB, &confB, &mockGossipIn{}, runCfgB, nil)
+	nodeB, err := NewNodeP2P(context.Background(), &rollup.Config{}, logB, &confB, &mockGossipIn{}, nil, runCfgB, metrics.NoopMetrics)
 	require.NoError(t, err)
 	defer nodeB.Close()
 	hostB := nodeB.Host()
@@ -276,7 +277,7 @@ func TestDiscovery(t *testing.T) {
 	resourcesCtx, resourcesCancel := context.WithCancel(context.Background())
 	defer resourcesCancel()
 
-	nodeA, err := NewNodeP2P(context.Background(), rollupCfg, logA, &confA, &mockGossipIn{}, runCfgA, nil)
+	nodeA, err := NewNodeP2P(context.Background(), rollupCfg, logA, &confA, &mockGossipIn{}, nil, runCfgA, metrics.NoopMetrics)
 	require.NoError(t, err)
 	defer nodeA.Close()
 	hostA := nodeA.Host()
@@ -291,7 +292,7 @@ func TestDiscovery(t *testing.T) {
 	confB.DiscoveryDB = discDBC
 
 	// Start B
-	nodeB, err := NewNodeP2P(context.Background(), rollupCfg, logB, &confB, &mockGossipIn{}, runCfgB, nil)
+	nodeB, err := NewNodeP2P(context.Background(), rollupCfg, logB, &confB, &mockGossipIn{}, nil, runCfgB, metrics.NoopMetrics)
 	require.NoError(t, err)
 	defer nodeB.Close()
 	hostB := nodeB.Host()
@@ -306,7 +307,7 @@ func TestDiscovery(t *testing.T) {
 		}})
 
 	// Start C
-	nodeC, err := NewNodeP2P(context.Background(), rollupCfg, logC, &confC, &mockGossipIn{}, runCfgC, nil)
+	nodeC, err := NewNodeP2P(context.Background(), rollupCfg, logC, &confC, &mockGossipIn{}, nil, runCfgC, metrics.NoopMetrics)
 	require.NoError(t, err)
 	defer nodeC.Close()
 	hostC := nodeC.Host()
diff --git a/components/node/p2p/mocks/ConnectionGater.go b/components/node/p2p/mocks/ConnectionGater.go
index 6392b26a01..77c2c93eae 100644
--- a/components/node/p2p/mocks/ConnectionGater.go
+++ b/components/node/p2p/mocks/ConnectionGater.go
@@ -1,4 +1,4 @@
-// Code generated by mockery v2.20.0. DO NOT EDIT.
+// Code generated by mockery v2.25.1. DO NOT EDIT.
 
 package mocks
 
diff --git a/components/node/p2p/mocks/GossipMetricer.go b/components/node/p2p/mocks/GossipMetricer.go
index 2933462861..f3cadcec3c 100644
--- a/components/node/p2p/mocks/GossipMetricer.go
+++ b/components/node/p2p/mocks/GossipMetricer.go
@@ -1,12 +1,8 @@
-// Code generated by mockery v2.20.0. DO NOT EDIT.
+// Code generated by mockery v2.25.1. DO NOT EDIT.
 
 package mocks
 
-import (
-	mock "github.com/stretchr/testify/mock"
-
-	peer "github.com/libp2p/go-libp2p/core/peer"
-)
+import mock "github.com/stretchr/testify/mock"
 
 // GossipMetricer is an autogenerated mock type for the GossipMetricer type
 type GossipMetricer struct {
@@ -18,9 +14,9 @@ func (_m *GossipMetricer) RecordGossipEvent(evType int32) {
 	_m.Called(evType)
 }
 
-// RecordPeerScoring provides a mock function with given fields: peerID, score
-func (_m *GossipMetricer) RecordPeerScoring(peerID peer.ID, score float64) {
-	_m.Called(peerID, score)
+// SetPeerScores provides a mock function with given fields: _a0
+func (_m *GossipMetricer) SetPeerScores(_a0 map[string]float64) {
+	_m.Called(_a0)
 }
 
 type mockConstructorTestingTNewGossipMetricer interface {
diff --git a/components/node/p2p/mocks/PeerGater.go b/components/node/p2p/mocks/PeerGater.go
index 7193b7a552..874062f28f 100644
--- a/components/node/p2p/mocks/PeerGater.go
+++ b/components/node/p2p/mocks/PeerGater.go
@@ -1,4 +1,4 @@
-// Code generated by mockery v2.20.0. DO NOT EDIT.
+// Code generated by mockery v2.25.1. DO NOT EDIT.
 
 package mocks
 
@@ -13,6 +13,20 @@ type PeerGater struct {
 	mock.Mock
 }
 
+// IsBlocked provides a mock function with given fields: _a0
+func (_m *PeerGater) IsBlocked(_a0 peer.ID) bool {
+	ret := _m.Called(_a0)
+
+	var r0 bool
+	if rf, ok := ret.Get(0).(func(peer.ID) bool); ok {
+		r0 = rf(_a0)
+	} else {
+		r0 = ret.Get(0).(bool)
+	}
+
+	return r0
+}
+
 // Update provides a mock function with given fields: _a0, _a1
 func (_m *PeerGater) Update(_a0 peer.ID, _a1 float64) {
 	_m.Called(_a0, _a1)
diff --git a/components/node/p2p/mocks/Peerstore.go b/components/node/p2p/mocks/Peerstore.go
index 7297b4c9a4..7de60aa8ac 100644
--- a/components/node/p2p/mocks/Peerstore.go
+++ b/components/node/p2p/mocks/Peerstore.go
@@ -1,4 +1,4 @@
-// Code generated by mockery v2.20.0. DO NOT EDIT.
+// Code generated by mockery v2.25.1. DO NOT EDIT.
 
 package mocks
 
diff --git a/components/node/p2p/node.go b/components/node/p2p/node.go
index 396eeb0dce..011c78a8b1 100644
--- a/components/node/p2p/node.go
+++ b/components/node/p2p/node.go
@@ -14,8 +14,10 @@ import (
 	"github.com/libp2p/go-libp2p/core/connmgr"
 	"github.com/libp2p/go-libp2p/core/host"
 	p2pmetrics "github.com/libp2p/go-libp2p/core/metrics"
+	"github.com/libp2p/go-libp2p/core/network"
 	ma "github.com/multiformats/go-multiaddr"
 
+	"github.com/kroma-network/kroma/components/node/eth"
 	"github.com/kroma-network/kroma/components/node/metrics"
 	"github.com/kroma-network/kroma/components/node/rollup"
 )
@@ -30,16 +32,18 @@ type NodeP2P struct {
 	dv5Udp   *discover.UDPv5  // p2p discovery service
 	gs       *pubsub.PubSub   // p2p gossip router
 	gsOut    GossipOut        // p2p gossip application interface for publishing
+	syncCl   *SyncClient
+	syncSrv  *ReqRespServer
 }
 
 // NewNodeP2P creates a new p2p node, and returns a reference to it. If the p2p is disabled, it returns nil.
 // If metrics are configured, a bandwidth monitor will be spawned in a goroutine.
-func NewNodeP2P(resourcesCtx context.Context, rollupCfg *rollup.Config, log log.Logger, setup SetupP2P, gossipIn GossipIn, runCfg GossipRuntimeConfig, metrics metrics.Metricer) (*NodeP2P, error) {
+func NewNodeP2P(resourcesCtx context.Context, rollupCfg *rollup.Config, log log.Logger, setup SetupP2P, gossipIn GossipIn, l2Chain L2Chain, runCfg GossipRuntimeConfig, metrics metrics.Metricer) (*NodeP2P, error) {
 	if setup == nil {
 		return nil, errors.New("p2p node cannot be created without setup")
 	}
 	var n NodeP2P
-	if err := n.init(resourcesCtx, rollupCfg, log, setup, gossipIn, runCfg, metrics); err != nil {
+	if err := n.init(resourcesCtx, rollupCfg, log, setup, gossipIn, l2Chain, runCfg, metrics); err != nil {
 		closeErr := n.Close()
 		if closeErr != nil {
 			log.Error("failed to close p2p after starting with err", "closeErr", closeErr, "err", err)
@@ -52,7 +56,7 @@ func NewNodeP2P(resourcesCtx context.Context, rollupCfg *rollup.Config, log log.
 	return &n, nil
 }
 
-func (n *NodeP2P) init(resourcesCtx context.Context, rollupCfg *rollup.Config, log log.Logger, setup SetupP2P, gossipIn GossipIn, runCfg GossipRuntimeConfig, metrics metrics.Metricer) error {
+func (n *NodeP2P) init(resourcesCtx context.Context, rollupCfg *rollup.Config, log log.Logger, setup SetupP2P, gossipIn GossipIn, l2Chain L2Chain, runCfg GossipRuntimeConfig, metrics metrics.Metricer) error {
 	bwc := p2pmetrics.NewBandwidthCounter()
 
 	var err error
@@ -71,6 +75,29 @@ func (n *NodeP2P) init(resourcesCtx context.Context, rollupCfg *rollup.Config, l
 			n.gater = extra.ConnectionGater()
 			n.connMgr = extra.ConnectionManager()
 		}
+		// Activate the P2P req-resp sync if enabled by feature-flag.
+		if setup.ReqRespSyncEnabled() {
+			n.syncCl = NewSyncClient(log, rollupCfg, n.host.NewStream, gossipIn.OnUnsafeL2Payload, metrics)
+			n.host.Network().Notify(&network.NotifyBundle{
+				ConnectedF: func(nw network.Network, conn network.Conn) {
+					n.syncCl.AddPeer(conn.RemotePeer())
+				},
+				DisconnectedF: func(nw network.Network, conn network.Conn) {
+					n.syncCl.RemovePeer(conn.RemotePeer())
+				},
+			})
+			n.syncCl.Start()
+			// the host may already be connected to peers, add them all to the sync client
+			for _, peerID := range n.host.Network().Peers() {
+				n.syncCl.AddPeer(peerID)
+			}
+			if l2Chain != nil { // Only enable serving side of req-resp sync if we have a data-source, to make minimal P2P testing easy
+				n.syncSrv = NewReqRespServer(rollupCfg, l2Chain, metrics)
+				// register the sync protocol with libp2p host
+				payloadByNumber := MakeStreamHandler(resourcesCtx, log.New("serve", "payloads_by_number"), n.syncSrv.HandleSyncRequest)
+				n.host.SetStreamHandler(PayloadByNumberProtocolID(rollupCfg.L2ChainID), payloadByNumber)
+			}
+		}
 		// notify of any new connections/streams/etc.
 		n.host.Network().Notify(NewNetworkNotifier(log, metrics))
 		// note: the IDDelta functionality was removed from libP2P, and no longer needs to be explicitly disabled.
@@ -102,6 +129,17 @@ func (n *NodeP2P) init(resourcesCtx context.Context, rollupCfg *rollup.Config, l
 	return nil
 }
 
+func (n *NodeP2P) AltSyncEnabled() bool {
+	return n.syncCl != nil
+}
+
+func (n *NodeP2P) RequestL2Range(ctx context.Context, start, end eth.L2BlockRef) error {
+	if !n.AltSyncEnabled() {
+		return fmt.Errorf("cannot request range %s - %s, req-resp sync is not enabled", start, end)
+	}
+	return n.syncCl.RequestL2Range(ctx, start, end)
+}
+
 func (n *NodeP2P) Host() host.Host {
 	return n.host
 }
@@ -144,6 +182,11 @@ func (n *NodeP2P) Close() error {
 		if err := n.host.Close(); err != nil {
 			result = multierror.Append(result, fmt.Errorf("failed to close p2p host cleanly: %w", err))
 		}
+		if n.syncCl != nil {
+			if err := n.syncCl.Close(); err != nil {
+				result = multierror.Append(result, fmt.Errorf("failed to close p2p sync client cleanly: %w", err))
+			}
+		}
 	}
 	return result.ErrorOrNil()
 }
diff --git a/components/node/p2p/peer_gater.go b/components/node/p2p/peer_gater.go
index 0e2be3ea40..75adc7d1c4 100644
--- a/components/node/p2p/peer_gater.go
+++ b/components/node/p2p/peer_gater.go
@@ -3,7 +3,6 @@ package p2p
 import (
 	log "github.com/ethereum/go-ethereum/log"
 	peer "github.com/libp2p/go-libp2p/core/peer"
-	slices "golang.org/x/exp/slices"
 )
 
 // ConnectionFactor is the factor by which we multiply the connection score.
@@ -15,6 +14,7 @@ const PeerScoreThreshold = -100
 // gater is an internal implementation of the [PeerGater] interface.
 type gater struct {
 	connGater  ConnectionGater
+	blockedMap map[peer.ID]bool
 	log        log.Logger
 	banEnabled bool
 }
@@ -25,29 +25,51 @@ type gater struct {
 type PeerGater interface {
 	// Update handles a peer score update and blocks/unblocks the peer if necessary.
 	Update(peer.ID, float64)
+	// IsBlocked returns true if the given [peer.ID] is blocked.
+	IsBlocked(peer.ID) bool
 }
 
 // NewPeerGater returns a new peer gater.
 func NewPeerGater(connGater ConnectionGater, log log.Logger, banEnabled bool) PeerGater {
 	return &gater{
 		connGater:  connGater,
+		blockedMap: make(map[peer.ID]bool),
 		log:        log,
 		banEnabled: banEnabled,
 	}
 }
 
+// IsBlocked returns true if the given [peer.ID] is blocked.
+func (g *gater) IsBlocked(peerID peer.ID) bool {
+	return g.blockedMap[peerID]
+}
+
+// setBlocked sets the blocked status of the given [peer.ID].
+func (g *gater) setBlocked(peerID peer.ID, blocked bool) {
+	g.blockedMap[peerID] = blocked
+}
+
 // Update handles a peer score update and blocks/unblocks the peer if necessary.
-func (s *gater) Update(id peer.ID, score float64) {
+func (g *gater) Update(id peer.ID, score float64) {
 	// Check if the peer score is below the threshold
 	// If so, we need to block the peer
-	if score < PeerScoreThreshold && s.banEnabled {
-		s.log.Warn("peer blocking enabled, blocking peer", "id", id.String(), "score", score)
-		err := s.connGater.BlockPeer(id)
-		s.log.Warn("connection gater failed to block peer", id.String(), "err", err)
+	isAlreadyBlocked := g.IsBlocked(id)
+	if score < PeerScoreThreshold && g.banEnabled && !isAlreadyBlocked {
+		g.log.Warn("peer blocking enabled, blocking peer", "id", id.String(), "score", score)
+		err := g.connGater.BlockPeer(id)
+		if err != nil {
+			g.log.Warn("connection gater failed to block peer", id.String(), "err", err)
+		}
+		// Set the peer as blocked in the blocked map
+		g.setBlocked(id, true)
 	}
 	// Unblock peers whose score has recovered to an acceptable level
-	if (score > PeerScoreThreshold) && slices.Contains(s.connGater.ListBlockedPeers(), id) {
-		err := s.connGater.UnblockPeer(id)
-		s.log.Warn("connection gater failed to unblock peer", id.String(), "err", err)
+	if (score > PeerScoreThreshold) && isAlreadyBlocked {
+		err := g.connGater.UnblockPeer(id)
+		if err != nil {
+			g.log.Warn("connection gater failed to unblock peer", id.String(), "err", err)
+		}
+		// Set the peer as unblocked in the blocked map
+		g.setBlocked(id, false)
 	}
 }
diff --git a/components/node/p2p/peer_gater_test.go b/components/node/p2p/peer_gater_test.go
index 724c170745..5a48726cb8 100644
--- a/components/node/p2p/peer_gater_test.go
+++ b/components/node/p2p/peer_gater_test.go
@@ -38,30 +38,59 @@ func (testSuite *PeerGaterTestSuite) TestPeerScoreConstants() {
 }
 
 // TestPeerGaterUpdate tests the peer gater update hook.
-func (testSuite *PeerGaterTestSuite) TestPeerGaterUpdate() {
+func (testSuite *PeerGaterTestSuite) TestPeerGater_UpdateBansPeers() {
 	gater := p2p.NewPeerGater(
 		testSuite.mockGater,
 		testSuite.logger,
 		true,
 	)
 
+	// Return an empty list of already blocked peers
+	testSuite.mockGater.On("ListBlockedPeers").Return([]peer.ID{}).Once()
+
 	// Mock a connection gater peer block call
 	// Since the peer score is below the [PeerScoreThreshold] of -100,
 	// the [BlockPeer] method should be called
-	testSuite.mockGater.On("BlockPeer", peer.ID("peer1")).Return(nil)
+	testSuite.mockGater.On("BlockPeer", peer.ID("peer1")).Return(nil).Once()
+
+	// The peer should initially be unblocked
+	testSuite.False(gater.IsBlocked(peer.ID("peer1")))
 
 	// Apply the peer gater update
-	gater.Update(peer.ID("peer1"), float64(-100))
+	gater.Update(peer.ID("peer1"), float64(-101))
+
+	// The peer should be considered blocked
+	testSuite.True(gater.IsBlocked(peer.ID("peer1")))
+
+	// Now let's unblock the peer
+	testSuite.mockGater.On("UnblockPeer", peer.ID("peer1")).Return(nil).Once()
+	gater.Update(peer.ID("peer1"), float64(0))
+
+	// The peer should be considered unblocked
+	testSuite.False(gater.IsBlocked(peer.ID("peer1")))
 }
 
 // TestPeerGaterUpdateNoBanning tests the peer gater update hook without banning set
-func (testSuite *PeerGaterTestSuite) TestPeerGaterUpdateNoBanning() {
+func (testSuite *PeerGaterTestSuite) TestPeerGater_UpdateNoBanning() {
 	gater := p2p.NewPeerGater(
 		testSuite.mockGater,
 		testSuite.logger,
 		false,
 	)
 
+	// Return an empty list of already blocked peers
+	testSuite.mockGater.On("ListBlockedPeers").Return([]peer.ID{})
+
 	// Notice: [BlockPeer] should not be called since banning is not enabled
+	// even though the peer score is way below the [PeerScoreThreshold] of -100
 	gater.Update(peer.ID("peer1"), float64(-100000))
+
+	// The peer should be unblocked
+	testSuite.False(gater.IsBlocked(peer.ID("peer1")))
+
+	// Make sure that if we then "unblock" the peer, nothing happens
+	gater.Update(peer.ID("peer1"), float64(0))
+
+	// The peer should still be unblocked
+	testSuite.False(gater.IsBlocked(peer.ID("peer1")))
 }
diff --git a/components/node/p2p/peer_scorer.go b/components/node/p2p/peer_scorer.go
index 3848488df0..630775a438 100644
--- a/components/node/p2p/peer_scorer.go
+++ b/components/node/p2p/peer_scorer.go
@@ -1,16 +1,83 @@
 package p2p
 
 import (
+	"fmt"
+	"sort"
+	"strconv"
+	"strings"
+
 	log "github.com/ethereum/go-ethereum/log"
 	pubsub "github.com/libp2p/go-libp2p-pubsub"
 	peer "github.com/libp2p/go-libp2p/core/peer"
 )
 
 type scorer struct {
-	peerStore Peerstore
-	metricer  GossipMetricer
-	log       log.Logger
-	gater     PeerGater
+	peerStore           Peerstore
+	metricer            GossipMetricer
+	log                 log.Logger
+	gater               PeerGater
+	bandScoreThresholds *BandScoreThresholds
+}
+
+// scorePair holds a band and its corresponding threshold.
+type scorePair struct {
+	band      string
+	threshold float64
+}
+
+// BandScoreThresholds holds the thresholds for classifying peers
+// into different score bands.
+type BandScoreThresholds struct {
+	bands []scorePair
+}
+
+// NewBandScorer constructs a new [BandScoreThresholds] instance.
+func NewBandScorer(str string) (*BandScoreThresholds, error) {
+	s := &BandScoreThresholds{
+		bands: make([]scorePair, 0),
+	}
+
+	for _, band := range strings.Split(str, ";") {
+		// Skip empty band strings.
+		band := strings.TrimSpace(band)
+		if band == "" {
+			continue
+		}
+		split := strings.Split(band, ":")
+		if len(split) != 2 {
+			return nil, fmt.Errorf("invalid score band: %s", band)
+		}
+		threshold, err := strconv.ParseFloat(split[0], 64)
+		if err != nil {
+			return nil, err
+		}
+		s.bands = append(s.bands, scorePair{
+			band:      split[1],
+			threshold: threshold,
+		})
+	}
+
+	// Order the bands by threshold in ascending order.
+	sort.Slice(s.bands, func(i, j int) bool {
+		return s.bands[i].threshold < s.bands[j].threshold
+	})
+
+	return s, nil
+}
+
+// Bucket returns the appropriate band for a given score.
+func (s *BandScoreThresholds) Bucket(score float64) string {
+	for _, pair := range s.bands {
+		if score <= pair.threshold {
+			return pair.band
+		}
+	}
+	// If there is no band threshold higher than the score,
+	// the peer must be placed in the highest bucket.
+	if len(s.bands) > 0 {
+		return s.bands[len(s.bands)-1].band
+	}
+	return ""
 }
 
 // Peerstore is a subset of the libp2p peerstore.Peerstore interface.
@@ -34,12 +101,13 @@ type Scorer interface {
 }
 
 // NewScorer returns a new peer scorer.
-func NewScorer(peerGater PeerGater, peerStore Peerstore, metricer GossipMetricer, log log.Logger) Scorer {
+func NewScorer(peerGater PeerGater, peerStore Peerstore, metricer GossipMetricer, bandScoreThresholds *BandScoreThresholds, log log.Logger) Scorer {
 	return &scorer{
-		peerStore: peerStore,
-		metricer:  metricer,
-		log:       log,
-		gater:     peerGater,
+		peerStore:           peerStore,
+		metricer:            metricer,
+		log:                 log,
+		gater:               peerGater,
+		bandScoreThresholds: bandScoreThresholds,
 	}
 }
 
@@ -48,13 +116,18 @@ func NewScorer(peerGater PeerGater, peerStore Peerstore, metricer GossipMetricer
 // The returned [pubsub.ExtendedPeerScoreInspectFn] is called with a mapping of peer IDs to peer score snapshots.
 func (s *scorer) SnapshotHook() pubsub.ExtendedPeerScoreInspectFn {
 	return func(m map[peer.ID]*pubsub.PeerScoreSnapshot) {
+		scoreMap := make(map[string]float64)
+		// Zero out all bands.
+		for _, b := range s.bandScoreThresholds.bands {
+			scoreMap[b.band] = 0
+		}
+		// Now set the new scores.
 		for id, snap := range m {
-			// Record peer score in the metricer
-			s.metricer.RecordPeerScoring(id, snap.Score)
-
-			// Update with the peer gater
+			band := s.bandScoreThresholds.Bucket(snap.Score)
+			scoreMap[band] += 1
 			s.gater.Update(id, snap.Score)
 		}
+		s.metricer.SetPeerScores(scoreMap)
 	}
 }
 
diff --git a/components/node/p2p/peer_scorer_test.go b/components/node/p2p/peer_scorer_test.go
index 0e9a879b8c..f29580cea0 100644
--- a/components/node/p2p/peer_scorer_test.go
+++ b/components/node/p2p/peer_scorer_test.go
@@ -21,15 +21,18 @@ type PeerScorerTestSuite struct {
 	mockGater    *p2pMocks.PeerGater
 	mockStore    *p2pMocks.Peerstore
 	mockMetricer *p2pMocks.GossipMetricer
+	bandScorer   *p2p.BandScoreThresholds
 	logger       log.Logger
 }
 
 // SetupTest sets up the test suite.
 func (testSuite *PeerScorerTestSuite) SetupTest() {
 	testSuite.mockGater = &p2pMocks.PeerGater{}
-	// testSuite.mockConnGater = &p2pMocks.ConnectionGater{}
 	testSuite.mockStore = &p2pMocks.Peerstore{}
 	testSuite.mockMetricer = &p2pMocks.GossipMetricer{}
+	bandScorer, err := p2p.NewBandScorer("-40:graylist;0:friend;")
+	testSuite.NoError(err)
+	testSuite.bandScorer = bandScorer
 	testSuite.logger = testlog.Logger(testSuite.T(), log.LvlError)
 }
 
@@ -38,44 +41,49 @@ func TestPeerScorer(t *testing.T) {
 	suite.Run(t, new(PeerScorerTestSuite))
 }
 
-// TestPeerScorerOnConnect ensures we can call the OnConnect method on the peer scorer.
-func (testSuite *PeerScorerTestSuite) TestPeerScorerOnConnect() {
+// TestScorer_OnConnect ensures we can call the OnConnect method on the peer scorer.
+func (testSuite *PeerScorerTestSuite) TestScorer_OnConnect() {
 	scorer := p2p.NewScorer(
 		testSuite.mockGater,
 		testSuite.mockStore,
 		testSuite.mockMetricer,
+		testSuite.bandScorer,
 		testSuite.logger,
 	)
 	scorer.OnConnect()
 }
 
-// TestPeerScorerOnDisconnect ensures we can call the OnDisconnect method on the peer scorer.
-func (testSuite *PeerScorerTestSuite) TestPeerScorerOnDisconnect() {
+// TestScorer_OnDisconnect ensures we can call the OnDisconnect method on the peer scorer.
+func (testSuite *PeerScorerTestSuite) TestScorer_OnDisconnect() {
 	scorer := p2p.NewScorer(
 		testSuite.mockGater,
 		testSuite.mockStore,
 		testSuite.mockMetricer,
+		testSuite.bandScorer,
 		testSuite.logger,
 	)
 	scorer.OnDisconnect()
 }
 
-// TestSnapshotHook tests running the snapshot hook on the peer scorer.
-func (testSuite *PeerScorerTestSuite) TestSnapshotHook() {
+// TestScorer_SnapshotHook tests running the snapshot hook on the peer scorer.
+func (testSuite *PeerScorerTestSuite) TestScorer_SnapshotHook() {
 	scorer := p2p.NewScorer(
 		testSuite.mockGater,
 		testSuite.mockStore,
 		testSuite.mockMetricer,
+		testSuite.bandScorer,
 		testSuite.logger,
 	)
 	inspectFn := scorer.SnapshotHook()
 
-	// Mock the snapshot updates
-	// This doesn't return anything
-	testSuite.mockMetricer.On("RecordPeerScoring", peer.ID("peer1"), float64(-100)).Return(nil)
-
 	// Mock the peer gater call
-	testSuite.mockGater.On("Update", peer.ID("peer1"), float64(-100)).Return(nil)
+	testSuite.mockGater.On("Update", peer.ID("peer1"), float64(-100)).Return(nil).Once()
+
+	// The metricer should then be called with the peer score band map
+	testSuite.mockMetricer.On("SetPeerScores", map[string]float64{
+		"friend":   0,
+		"graylist": 1,
+	}).Return(nil).Once()
 
 	// Apply the snapshot
 	snapshotMap := map[peer.ID]*pubsub.PeerScoreSnapshot{
@@ -84,26 +92,46 @@ func (testSuite *PeerScorerTestSuite) TestSnapshotHook() {
 		},
 	}
 	inspectFn(snapshotMap)
+
+	// Change the peer score now to a different band
+	testSuite.mockGater.On("Update", peer.ID("peer1"), float64(0)).Return(nil).Once()
+
+	// The metricer should then be called with the peer score band map
+	testSuite.mockMetricer.On("SetPeerScores", map[string]float64{
+		"friend":   1,
+		"graylist": 0,
+	}).Return(nil).Once()
+
+	// Apply the snapshot
+	snapshotMap = map[peer.ID]*pubsub.PeerScoreSnapshot{
+		peer.ID("peer1"): {
+			Score: 0,
+		},
+	}
+	inspectFn(snapshotMap)
 }
 
-// TestSnapshotHookBlockPeer tests running the snapshot hook on the peer scorer with a peer score below the threshold.
+// TestScorer_SnapshotHookBlocksPeer tests running the snapshot hook on the peer scorer with a peer score below the threshold.
 // This implies that the peer should be blocked.
-func (testSuite *PeerScorerTestSuite) TestSnapshotHookBlockPeer() {
+func (testSuite *PeerScorerTestSuite) TestScorer_SnapshotHookBlocksPeer() {
 	scorer := p2p.NewScorer(
 		testSuite.mockGater,
 		testSuite.mockStore,
 		testSuite.mockMetricer,
+		testSuite.bandScorer,
 		testSuite.logger,
 	)
 	inspectFn := scorer.SnapshotHook()
 
-	// Mock the snapshot updates
-	// This doesn't return anything
-	testSuite.mockMetricer.On("RecordPeerScoring", peer.ID("peer1"), float64(-101)).Return(nil)
-
 	// Mock the peer gater call
 	testSuite.mockGater.On("Update", peer.ID("peer1"), float64(-101)).Return(nil)
 
+	// The metricer should then be called with the peer score band map
+	testSuite.mockMetricer.On("SetPeerScores", map[string]float64{
+		"friend":   0,
+		"graylist": 1,
+	}).Return(nil)
+
 	// Apply the snapshot
 	snapshotMap := map[peer.ID]*pubsub.PeerScoreSnapshot{
 		peer.ID("peer1"): {
diff --git a/components/node/p2p/peer_scores.go b/components/node/p2p/peer_scores.go
index d6a172ded2..93441262ef 100644
--- a/components/node/p2p/peer_scores.go
+++ b/components/node/p2p/peer_scores.go
@@ -14,7 +14,7 @@ func ConfigurePeerScoring(h host.Host, g ConnectionGater, gossipConf GossipSetup
 	peerScoreThresholds := NewPeerScoreThresholds()
 	banEnabled := gossipConf.BanPeers()
 	peerGater := NewPeerGater(g, log, banEnabled)
-	scorer := NewScorer(peerGater, h.Peerstore(), m, log)
+	scorer := NewScorer(peerGater, h.Peerstore(), m, gossipConf.PeerBandScorer(), log)
 	opts := []pubsub.Option{}
 	// Check the app specific score since libp2p doesn't export it's [validate] function :/
 	if peerScoreParams != nil && peerScoreParams.AppSpecificScore != nil {
diff --git a/components/node/p2p/peer_scores_test.go b/components/node/p2p/peer_scores_test.go
index 02e91a2bbf..abc54c59c1 100644
--- a/components/node/p2p/peer_scores_test.go
+++ b/components/node/p2p/peer_scores_test.go
@@ -28,6 +28,7 @@ type PeerScoresTestSuite struct {
 	mockGater    *p2pMocks.ConnectionGater
 	mockStore    *p2pMocks.Peerstore
 	mockMetricer *p2pMocks.GossipMetricer
+	bandScorer   p2p.BandScoreThresholds
 	logger       log.Logger
 }
 
@@ -36,6 +37,9 @@ func (testSuite *PeerScoresTestSuite) SetupTest() {
 	testSuite.mockGater = &p2pMocks.ConnectionGater{}
 	testSuite.mockStore = &p2pMocks.Peerstore{}
 	testSuite.mockMetricer = &p2pMocks.GossipMetricer{}
+	bandScorer, err := p2p.NewBandScorer("0:graylist;")
+	testSuite.NoError(err)
+	testSuite.bandScorer = *bandScorer
 	testSuite.logger = testlog.Logger(testSuite.T(), log.LvlError)
 }
 
@@ -66,6 +70,7 @@ func newGossipSubs(testSuite *PeerScoresTestSuite, ctx context.Context, hosts []
 		rt := pubsub.DefaultGossipSubRouter(h)
 		opts := []pubsub.Option{}
 		opts = append(opts, p2p.ConfigurePeerScoring(h, testSuite.mockGater, &p2p.Config{
+			BandScoreThresholds: testSuite.bandScorer,
 			PeerScoring: pubsub.PeerScoreParams{
 				AppSpecificScore: func(p peer.ID) float64 {
 					if p == hosts[0].ID() {
@@ -116,8 +121,7 @@ func (testSuite *PeerScoresTestSuite) TestNegativeScores() {
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
 
-	testSuite.mockMetricer.On("RecordPeerScoring", mock.Anything, float64(0)).Return(nil)
-	testSuite.mockMetricer.On("RecordPeerScoring", mock.Anything, float64(-1000)).Return(nil)
+	testSuite.mockMetricer.On("SetPeerScores", mock.Anything).Return(nil)
 
 	testSuite.mockGater.On("ListBlockedPeers").Return([]peer.ID{})
 
diff --git a/components/node/p2p/prepared.go b/components/node/p2p/prepared.go
index bf20ae47db..30b123e654 100644
--- a/components/node/p2p/prepared.go
+++ b/components/node/p2p/prepared.go
@@ -21,6 +21,8 @@ type Prepared struct {
 	HostP2P   host.Host
 	LocalNode *enode.LocalNode
 	UDPv5     *discover.UDPv5
+
+	EnableReqRespSync bool
 }
 
 var _ SetupP2P = (*Prepared)(nil)
@@ -67,6 +69,10 @@ func (p *Prepared) PeerScoringParams() *pubsub.PeerScoreParams {
 	return nil
 }
 
+func (p *Prepared) PeerBandScorer() *BandScoreThresholds {
+	return nil
+}
+
 func (p *Prepared) BanPeers() bool {
 	return false
 }
@@ -78,3 +84,7 @@ func (p *Prepared) TopicScoringParams() *pubsub.TopicScoreParams {
 func (p *Prepared) Disabled() bool {
 	return false
 }
+
+func (p *Prepared) ReqRespSyncEnabled() bool {
+	return p.EnableReqRespSync
+}
diff --git a/components/node/p2p/sync.go b/components/node/p2p/sync.go
new file mode 100644
index 0000000000..f52a745e92
--- /dev/null
+++ b/components/node/p2p/sync.go
@@ -0,0 +1,766 @@
+package p2p
+
+import (
+	"bytes"
+	"context"
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"io"
+	"math/big"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"github.com/ethereum/go-ethereum"
+	"github.com/ethereum/go-ethereum/common"
+	"github.com/ethereum/go-ethereum/log"
+	"github.com/golang/snappy"
+	"github.com/hashicorp/golang-lru/v2/simplelru"
+	"github.com/libp2p/go-libp2p/core/network"
+	"github.com/libp2p/go-libp2p/core/peer"
+	"github.com/libp2p/go-libp2p/core/protocol"
+	"golang.org/x/time/rate"
+
+	"github.com/kroma-network/kroma/components/node/eth"
+	"github.com/kroma-network/kroma/components/node/rollup"
+)
+
+// StreamCtxFn provides a new context to use when handling stream requests
+type StreamCtxFn func() context.Context
+
+// Note: the mocknet in testing does not support read/write stream timeouts, the timeouts are only applied if available.
+// Rate-limits always apply, and are making sure the request/response throughput is not too fast, instead of too slow.
+const (
+	// timeout for opening a req-resp stream to another peer. This may involve some protocol negotiation.
+	streamTimeout = time.Second * 5
+	// timeout for writing the request as client. Can be as long as serverReadRequestTimeout
+	clientWriteRequestTimeout = time.Second * 10
+	// timeout for reading a response of a serving peer as client. Can be as long as serverWriteChunkTimeout
+	clientReadResponsetimeout = time.Second * 10
+	// timeout for reading the request content, deny the request if it cannot be fully read in time
+	serverReadRequestTimeout = time.Second * 10
+	// timeout for writing a single response message chunk
+	// (if a future response consists of multiple chunks, reset the writing timeout per chunk)
+	serverWriteChunkTimeout = time.Second * 10
+	// after the rate-limit reservation hits the max throttle delay, give up on serving a request and just close the stream
+	maxThrottleDelay = time.Second * 20
+	// Do not serve more than 20 requests per second
+	globalServerBlocksRateLimit rate.Limit = 20
+	// Allow up to 5 concurrent requests to be served, eating into our rate-limit
+	globalServerBlocksBurst = 5
+	// Do not serve more than 5 requests per second to the same peer, so we can serve other peers at the same time
+	peerServerBlocksRateLimit rate.Limit = 5
+	// Allow a peer to burst 3 requests, so it does not have to wait
+	peerServerBlocksBurst = 3
+	// If the client hits a request error, it counts as a lot of rate-limit tokens for syncing from that peer:
+	// we rather sync from other servers. We'll try again later,
+	// and eventually kick the peer based on degraded scoring if it's really not serving us well.
+	clientErrRateCost = 100
+)
+
+func PayloadByNumberProtocolID(l2ChainID *big.Int) protocol.ID {
+	return protocol.ID(fmt.Sprintf("/opstack/req/payload_by_number/%d/0", l2ChainID))
+}
+
+type requestHandlerFn func(ctx context.Context, log log.Logger, stream network.Stream)
+
+func MakeStreamHandler(resourcesCtx context.Context, log log.Logger, fn requestHandlerFn) network.StreamHandler {
+	return func(stream network.Stream) {
+		log := log.New("peer", stream.Conn().ID(), "remote", stream.Conn().RemoteMultiaddr())
+		defer func() {
+			if err := recover(); err != nil {
+				log.Error("p2p server request handling panic", "err", err, "protocol", stream.Protocol())
+			}
+		}()
+		defer stream.Close()
+		fn(resourcesCtx, log, stream)
+	}
+}
+
+type newStreamFn func(ctx context.Context, peerId peer.ID, protocolId ...protocol.ID) (network.Stream, error)
+
+type receivePayloadFn func(ctx context.Context, from peer.ID, payload *eth.ExecutionPayload) error
+
+type rangeRequest struct {
+	start uint64
+	end   eth.L2BlockRef
+}
+
+type syncResult struct {
+	payload *eth.ExecutionPayload
+	peer    peer.ID
+}
+
+type peerRequest struct {
+	num uint64
+
+	complete *atomic.Bool
+}
+
+type SyncClientMetrics interface {
+	ClientPayloadByNumberEvent(num uint64, resultCode byte, duration time.Duration)
+	PayloadsQuarantineSize(n int)
+}
+
+// SyncClient implements a reverse chain sync with a minimal interface:
+// signal the desired range, and receive blocks within this range back.
+// Through parent-hash verification, received blocks are all ensured to be part of the canonical chain at one point,
+// but it is up to the user to organize and process the results further.
+//
+// For the sync-client to retrieve any data, peers must be added with AddPeer(id), and removed upon disconnect with RemovePeer(id).
+// The client is started with Start(), and may be started before or after changing any peers.
+//
+// ### Stages
+//
+// The sync mechanism is implemented as following:
+// - User sends range request: blocks on sync main loop (with ctx timeout)
+// - Main loop processes range request (from high to low), dividing block requests by number between parallel peers.
+//   - The high part of the range has a known block-hash, and is marked as trusted.
+//   - Once there are no more peers available for buffering requests, we stop the range request processing.
+//   - Every request buffered for a peer is tracked as in-flight, by block number.
+//   - In-flight requests are not repeated
+//   - Requests for data that's already in the quarantine are not repeated
+//   - Data already in the quarantine that is trusted is attempted to be promoted.
+//
+// - Peers each have their own routine for processing requests.
+//   - They fetch the requested block by number, parse and validate it, and then send it back to the main loop
+//   - If peers fail to fetch or process it, or fail to send it back to the main loop within timeout,
+//     then the doRequest returns an error. It then marks the in-flight request as completed.
+//
+// - Main loop receives results synchronously with the range requests
+//   - The result is removed from in-flight tracker
+//   - The result is added to the quarantine
+//   - If we trust the hash, we try to promote the result.
+//
+// ### Concepts
+//
+// The main concepts are:
+// - Quarantine: an LRU that stores the latest fetched block data, by hash as well as an extra index by number.
+//
+//   - Quarantine eviction: upon regular LRU eviction, or explicit removal (when we learn data is not canonical),
+//     the sync result is removed from quarantine without being forwarded to the receiver.
+//     The peer that provided the data may be down-scored for providing un-utilized data if the data
+//     is not trusted during eviction.
+//
+// - Trusted data: data becomes trusted through 2 ways:
+//   - The hash / parent-hash of the sync target is marked as trusted.
+//   - The parent-hash of any promoted data is marked as trusted.
+//
+// - The trusted-data is maintained in LRU: we only care about the recent accessed blocks.
+//
+//   - Result promotion: content from the quarantine is "promoted" when we find the blockhash is trusted.
+//     The data is removed from the quarantine, and forwarded to the receiver.
+//
+// ### Usage
+//
+// The user is expected to request the range of blocks between its existing chain head,
+// and a trusted future block-hash as reference to sync towards.
+// Upon receiving results from the sync-client, the user should adjust down its sync-target
+// based on the received results, to avoid duplicating work when req-requesting an updated range.
+// Range requests should still be repeated eventually however, as the sync client will give up on syncing a large range
+// when it's too busy syncing.
+//
+// The rationale for this approach is that this sync mechanism is primarily intended
+// for quickly filling gaps between an existing chain and a gossip chain, and not for very long block ranges.
+// Syncing in the execution-layer (through snap-sync) is more appropriate for long ranges.
+// If the user does sync a long range of blocks through this mechanism,
+// it does end up traversing through the chain, but receives the blocks in reverse order.
+// It is up to the user to persist the blocks for later processing, or drop & resync them if persistence is limited.
+type SyncClient struct {
+	log log.Logger
+
+	cfg *rollup.Config
+
+	metrics SyncClientMetrics
+
+	newStreamFn     newStreamFn
+	payloadByNumber protocol.ID
+
+	peersLock sync.Mutex
+	// syncing worker per peer
+	peers map[peer.ID]context.CancelFunc
+
+	// trusted blocks are, or have been, canonical at one point.
+	// Everything that's trusted is acceptable to pass to the sync receiver,
+	// but we target to just sync the blocks of the latest canonical view of the chain.
+	trusted *simplelru.LRU[common.Hash, struct{}]
+
+	// quarantine is a LRU of untrusted results: blocks that could not be verified yet
+	quarantine *simplelru.LRU[common.Hash, syncResult]
+	// quarantineByNum indexes the quarantine contents by number.
+	// No duplicates here, only the latest quarantine write is indexed.
+	// This map is cleared upon evictions of items from the quarantine LRU
+	quarantineByNum map[uint64]common.Hash
+
+	// inFlight requests are not repeated
+	inFlight map[uint64]*atomic.Bool
+
+	requests     chan rangeRequest
+	peerRequests chan peerRequest
+
+	results chan syncResult
+
+	receivePayload receivePayloadFn
+
+	// resource context: all peers and mainLoop tasks inherit this, and start shutting down once resCancel() is called.
+	resCtx    context.Context
+	resCancel context.CancelFunc
+
+	// wait group: wait for the resources to close. Adding to this is only safe if the peersLock is held.
+	wg sync.WaitGroup
+
+	// Don't allow anything to be added to the wait-group while, or after, we are shutting down.
+	// This is protected by peersLock.
+	closingPeers bool
+}
+
+func NewSyncClient(log log.Logger, cfg *rollup.Config, newStream newStreamFn, rcv receivePayloadFn, metrics SyncClientMetrics) *SyncClient {
+	ctx, cancel := context.WithCancel(context.Background())
+
+	c := &SyncClient{
+		log:             log,
+		cfg:             cfg,
+		metrics:         metrics,
+		newStreamFn:     newStream,
+		payloadByNumber: PayloadByNumberProtocolID(cfg.L2ChainID),
+		peers:           make(map[peer.ID]context.CancelFunc),
+		quarantineByNum: make(map[uint64]common.Hash),
+		inFlight:        make(map[uint64]*atomic.Bool),
+		requests:        make(chan rangeRequest), // blocking
+		peerRequests:    make(chan peerRequest, 128),
+		results:         make(chan syncResult, 128),
+		resCtx:          ctx,
+		resCancel:       cancel,
+		receivePayload:  rcv,
+	}
+	// never errors with positive LRU cache size
+	// TODO(CLI-3733): if we had an LRU based on on total payloads size, instead of payload count,
+	//  we can safely buffer more data in the happy case.
+	q, _ := simplelru.NewLRU[common.Hash, syncResult](100, c.onQuarantineEvict)
+	c.quarantine = q
+	trusted, _ := simplelru.NewLRU[common.Hash, struct{}](10000, nil)
+	c.trusted = trusted
+	return c
+}
+
+func (s *SyncClient) Start() {
+	s.peersLock.Lock()
+	s.wg.Add(1)
+	s.peersLock.Unlock()
+	go s.mainLoop()
+}
+
+func (s *SyncClient) AddPeer(id peer.ID) {
+	s.peersLock.Lock()
+	defer s.peersLock.Unlock()
+	if _, ok := s.peers[id]; ok {
+		s.log.Warn("cannot register peer for sync duties, peer was already registered", "peer", id)
+		return
+	}
+	if s.closingPeers {
+		return
+	}
+	s.wg.Add(1)
+	// add new peer routine
+	ctx, cancel := context.WithCancel(s.resCtx)
+	s.peers[id] = cancel
+	go s.peerLoop(ctx, id)
+}
+
+func (s *SyncClient) RemovePeer(id peer.ID) {
+	s.peersLock.Lock()
+	defer s.peersLock.Unlock()
+	cancel, ok := s.peers[id]
+	if !ok {
+		s.log.Warn("cannot remove peer from sync duties, peer was not registered", "peer", id)
+		return
+	}
+	cancel() // once loop exits
+	delete(s.peers, id)
+}
+
+// Close will shut down the sync client and all attached work, and block until shutdown is complete.
+// This will block if the Start() has not created the main background loop.
+func (s *SyncClient) Close() error {
+	s.peersLock.Lock()
+	s.closingPeers = true
+	s.peersLock.Unlock()
+	s.resCancel()
+	s.wg.Wait()
+	return nil
+}
+
+func (s *SyncClient) RequestL2Range(ctx context.Context, start, end eth.L2BlockRef) error {
+	if end == (eth.L2BlockRef{}) {
+		s.log.Debug("P2P sync client received range signal, but cannot sync open-ended chain: need sync target to verify blocks through parent-hashes", "start", start)
+		return nil
+	}
+	// synchronize requests with the main loop for state access
+	select {
+	case s.requests <- rangeRequest{start: start.Number, end: end}:
+		return nil
+	case <-ctx.Done():
+		return fmt.Errorf("too busy with P2P results/requests: %w", ctx.Err())
+	}
+}
+
+const (
+	maxRequestScheduling = time.Second * 3
+	maxResultProcessing  = time.Second * 3
+)
+
+func (s *SyncClient) mainLoop() {
+	defer s.wg.Done()
+	for {
+		select {
+		case req := <-s.requests:
+			ctx, cancel := context.WithTimeout(s.resCtx, maxRequestScheduling)
+			s.onRangeRequest(ctx, req)
+			cancel()
+		case res := <-s.results:
+			ctx, cancel := context.WithTimeout(s.resCtx, maxResultProcessing)
+			s.onResult(ctx, res)
+			cancel()
+		case <-s.resCtx.Done():
+			s.log.Info("stopped P2P req-resp L2 block sync client")
+			return
+		}
+	}
+}
+
+// onRangeRequest is exclusively called by the main loop, and has thus direct access to the request bookkeeping state.
+// This function transforms requested block ranges into work for each peer.
+func (s *SyncClient) onRangeRequest(ctx context.Context, req rangeRequest) {
+	// add req head to trusted set of blocks
+	s.trusted.Add(req.end.Hash, struct{}{})
+	s.trusted.Add(req.end.ParentHash, struct{}{})
+
+	log := s.log.New("target", req.start, "end", req.end)
+
+	// clean up the completed in-flight requests
+	for k, v := range s.inFlight {
+		if v.Load() {
+			delete(s.inFlight, k)
+		}
+	}
+
+	// Now try to fetch lower numbers than current end, to traverse back towards the updated start.
+	for i := uint64(0); ; i++ {
+		num := req.end.Number - 1 - i
+		if num <= req.start {
+			return
+		}
+		// check if we have something in quarantine already
+		if h, ok := s.quarantineByNum[num]; ok {
+			if s.trusted.Contains(h) { // if we trust it, try to promote it.
+				s.tryPromote(h)
+			}
+			// Don't fetch things that we have a candidate for already.
+			// We'll evict it from quarantine by finding a conflict, or if we sync enough other blocks
+			continue
+		}
+
+		if _, ok := s.inFlight[num]; ok {
+			continue // request still in flight
+		}
+		pr := peerRequest{num: num, complete: new(atomic.Bool)}
+
+		log.Debug("Scheduling P2P block request", "num", num)
+		// schedule number
+		select {
+		case s.peerRequests <- pr:
+			s.inFlight[num] = pr.complete
+		case <-ctx.Done():
+			log.Info("did not schedule full P2P sync range", "current", num, "err", ctx.Err())
+			return
+		default: // peers may all be busy processing requests already
+			log.Info("no peers ready to handle block requests for more P2P requests for L2 block history", "current", num)
+			return
+		}
+	}
+}
+
+func (s *SyncClient) onQuarantineEvict(key common.Hash, value syncResult) {
+	delete(s.quarantineByNum, uint64(value.payload.BlockNumber))
+	s.metrics.PayloadsQuarantineSize(s.quarantine.Len())
+	if !s.trusted.Contains(key) {
+		s.log.Debug("evicting untrusted payload from quarantine", "id", value.payload.ID(), "peer", value.peer)
+		// TODO(CLI-3732): downscore peer for having provided us a bad block that never turned out to be canonical
+	} else {
+		s.log.Debug("evicting trusted payload from quarantine", "id", value.payload.ID(), "peer", value.peer)
+	}
+}
+
+func (s *SyncClient) tryPromote(h common.Hash) {
+	parentRes, ok := s.quarantine.Get(h)
+	if ok {
+		// Simply reschedule the result, to get it (and possibly its parents) out of quarantine without recursion.
+		// s.results is buffered, but skip the promotion if the channel is full as it would cause a deadlock.
+		select {
+		case s.results <- parentRes:
+		default:
+			s.log.Debug("failed to signal block for promotion: sync client is too busy", "h", h)
+		}
+	} else {
+		s.log.Debug("cannot find block in quarantine, nothing to promote", "h", h)
+	}
+}
+
+func (s *SyncClient) promote(ctx context.Context, res syncResult) {
+	s.log.Debug("promoting p2p sync result", "payload", res.payload.ID(), "peer", res.peer)
+	if err := s.receivePayload(ctx, res.peer, res.payload); err != nil {
+		s.log.Warn("failed to promote payload, receiver error", "err", err)
+		return
+	}
+	s.trusted.Add(res.payload.BlockHash, struct{}{})
+	if s.quarantine.Remove(res.payload.BlockHash) {
+		s.log.Debug("promoted previously p2p-synced block from quarantine to main", "id", res.payload.ID())
+	} else {
+		s.log.Debug("promoted new p2p-synced block to main", "id", res.payload.ID())
+	}
+
+	// Mark parent block as trusted, so that we can promote it once we receive it / find it
+	s.trusted.Add(res.payload.ParentHash, struct{}{})
+
+	// Try to promote the parent block too, if any: previous unverifiable data may now be canonical
+	s.tryPromote(res.payload.ParentHash)
+
+	// In case we don't have the parent, and what we have in quarantine is wrong,
+	// clear what we buffered in favor of fetching something else.
+	if h, ok := s.quarantineByNum[uint64(res.payload.BlockNumber)-1]; ok {
+		s.quarantine.Remove(h)
+	}
+}
+
+// onResult is exclusively called by the main loop, and has thus direct access to the request bookkeeping state.
+// This function verifies if the result is canonical, and either promotes the result or moves the result into quarantine.
+func (s *SyncClient) onResult(ctx context.Context, res syncResult) {
+	s.log.Debug("processing p2p sync result", "payload", res.payload.ID(), "peer", res.peer)
+	// Clean up the in-flight request, we have a result now.
+	delete(s.inFlight, uint64(res.payload.BlockNumber))
+	// Always put it in quarantine first. If promotion fails because the receiver is too busy, this functions as cache.
+	s.quarantine.Add(res.payload.BlockHash, res)
+	s.quarantineByNum[uint64(res.payload.BlockNumber)] = res.payload.BlockHash
+	s.metrics.PayloadsQuarantineSize(s.quarantine.Len())
+	// If we know this block is canonical, then promote it
+	if s.trusted.Contains(res.payload.BlockHash) {
+		s.promote(ctx, res)
+	}
+}
+
+// peerLoop for syncing from a single peer
+func (s *SyncClient) peerLoop(ctx context.Context, id peer.ID) {
+	defer func() {
+		s.peersLock.Lock()
+		delete(s.peers, id) // clean up
+		s.wg.Done()
+		s.peersLock.Unlock()
+		s.log.Debug("stopped syncing loop of peer", "id", id)
+	}()
+
+	log := s.log.New("peer", id)
+	log.Info("Starting P2P sync client event loop")
+
+	var rl rate.Limiter
+
+	// Implement the same rate limits as the server does per-peer,
+	// so we don't be too aggressive to the server.
+	rl.SetLimit(peerServerBlocksRateLimit)
+	rl.SetBurst(peerServerBlocksBurst)
+
+	for {
+		// wait for peer to be available for more work
+		if err := rl.WaitN(ctx, 1); err != nil {
+			return
+		}
+
+		// once the peer is available, wait for a sync request.
+		select {
+		case pr := <-s.peerRequests:
+			// We already established the peer is available w.r.t. rate-limiting,
+			// and this is the only loop over this peer, so we can request now.
+			start := time.Now()
+			err := s.doRequest(ctx, id, pr.num)
+			if err != nil {
+				// mark as complete if there's an error: we are not sending any result and can complete immediately.
+				pr.complete.Store(true)
+				log.Warn("failed p2p sync request", "num", pr.num, "err", err)
+				// If we hit an error, then count it as many requests.
+				// We'd like to avoid making more requests for a while, to back off.
+				if err := rl.WaitN(ctx, clientErrRateCost); err != nil {
+					return
+				}
+			} else {
+				log.Debug("completed p2p sync request", "num", pr.num)
+			}
+			took := time.Since(start)
+			// TODO(CLI-3732): update scores: depending on the speed of the result,
+			//  increase the p2p-sync part of the peer score
+			//  (don't allow the score to grow indefinitely only based on this factor though)
+
+			resultCode := byte(0)
+			if err != nil {
+				if re, ok := err.(requestResultErr); ok {
+					resultCode = re.ResultCode()
+				} else {
+					resultCode = 1
+				}
+			}
+			s.metrics.ClientPayloadByNumberEvent(pr.num, resultCode, took)
+		case <-ctx.Done():
+			return
+		}
+	}
+}
+
+type requestResultErr byte
+
+func (r requestResultErr) Error() string {
+	return fmt.Sprintf("peer failed to serve request with code %d", uint8(r))
+}
+
+func (r requestResultErr) ResultCode() byte {
+	return byte(r)
+}
+
+func (s *SyncClient) doRequest(ctx context.Context, id peer.ID, n uint64) error {
+	// open stream to peer
+	reqCtx, reqCancel := context.WithTimeout(ctx, streamTimeout)
+	str, err := s.newStreamFn(reqCtx, id, s.payloadByNumber)
+	reqCancel()
+	if err != nil {
+		return fmt.Errorf("failed to open stream: %w", err)
+	}
+	defer str.Close()
+	// set write timeout (if available)
+	_ = str.SetWriteDeadline(time.Now().Add(clientWriteRequestTimeout))
+	if err := binary.Write(str, binary.LittleEndian, n); err != nil {
+		return fmt.Errorf("failed to write request (%d): %w", n, err)
+	}
+	if err := str.CloseWrite(); err != nil {
+		return fmt.Errorf("failed to close writer side while making request: %w", err)
+	}
+
+	// set read timeout (if available)
+	_ = str.SetReadDeadline(time.Now().Add(clientReadResponsetimeout))
+
+	// Limit input, as well as output.
+	// Compression may otherwise continue to read ignored data for a small output,
+	// or output more data than desired (zip-bomb)
+	r := io.LimitReader(str, maxGossipSize)
+	var result [1]byte
+	if _, err := io.ReadFull(r, result[:]); err != nil {
+		return fmt.Errorf("failed to read result part of response: %w", err)
+	}
+	if res := result[0]; res != 0 {
+		return requestResultErr(res)
+	}
+	var versionData [4]byte
+	if _, err := io.ReadFull(r, versionData[:]); err != nil {
+		return fmt.Errorf("failed to read version part of response: %w", err)
+	}
+	version := binary.LittleEndian.Uint32(versionData[:])
+	if version != 0 {
+		return fmt.Errorf("unrecognized ExecutionPayload version: %d", version)
+	}
+	// payload is SSZ encoded with Snappy framed compression
+	r = snappy.NewReader(r)
+	r = io.LimitReader(r, maxGossipSize)
+	// We cannot stream straight into the SSZ decoder, since we need the scope of the SSZ payload.
+	// The server does not prepend it, nor would we trust a claimed length anyway, so we buffer the data we get.
+	data, err := io.ReadAll(r)
+	if err != nil {
+		return fmt.Errorf("failed to read response: %w", err)
+	}
+	var res eth.ExecutionPayload
+	if err := res.UnmarshalSSZ(uint32(len(data)), bytes.NewReader(data)); err != nil {
+		return fmt.Errorf("failed to decode response: %w", err)
+	}
+	if err := str.CloseRead(); err != nil {
+		return fmt.Errorf("failed to close reading side")
+	}
+	if err := verifyBlock(&res, n); err != nil {
+		return fmt.Errorf("received execution payload is invalid: %w", err)
+	}
+	select {
+	case s.results <- syncResult{payload: &res, peer: id}:
+	case <-ctx.Done():
+		return fmt.Errorf("failed to process response, sync client is too busy: %w", err)
+	}
+	return nil
+}
+
+func verifyBlock(payload *eth.ExecutionPayload, expectedNum uint64) error {
+	// verify L2 block
+	if expectedNum != uint64(payload.BlockNumber) {
+		return fmt.Errorf("received execution payload for block %d, but expected block %d", payload.BlockNumber, expectedNum)
+	}
+	actual, ok := payload.CheckBlockHash()
+	if !ok { // payload itself contains bad block hash
+		return fmt.Errorf("received execution payload for block %d with bad block hash %s, expected %s", expectedNum, payload.BlockHash, actual)
+	}
+	return nil
+}
+
+// peerStat maintains rate-limiting data of a peer that requests blocks from us.
+type peerStat struct {
+	// Requests tokenizes each request to sync
+	Requests *rate.Limiter
+}
+
+type L2Chain interface {
+	PayloadByNumber(ctx context.Context, number uint64) (*eth.ExecutionPayload, error)
+}
+
+type ReqRespServerMetrics interface {
+	ServerPayloadByNumberEvent(num uint64, resultCode byte, duration time.Duration)
+}
+
+type ReqRespServer struct {
+	cfg *rollup.Config
+
+	l2 L2Chain
+
+	metrics ReqRespServerMetrics
+
+	peerRateLimits *simplelru.LRU[peer.ID, *peerStat]
+	peerStatsLock  sync.Mutex
+
+	globalRequestsRL *rate.Limiter
+}
+
+func NewReqRespServer(cfg *rollup.Config, l2 L2Chain, metrics ReqRespServerMetrics) *ReqRespServer {
+	// We should never allow over 1000 different peers to churn through quickly,
+	// so it's fine to prune rate-limit details past this.
+
+	peerRateLimits, _ := simplelru.NewLRU[peer.ID, *peerStat](1000, nil)
+	// 3 sync requests per second, with 2 burst
+	globalRequestsRL := rate.NewLimiter(globalServerBlocksRateLimit, globalServerBlocksBurst)
+
+	return &ReqRespServer{
+		cfg:              cfg,
+		l2:               l2,
+		metrics:          metrics,
+		peerRateLimits:   peerRateLimits,
+		globalRequestsRL: globalRequestsRL,
+	}
+}
+
+// HandleSyncRequest is a stream handler function to register the L2 unsafe payloads alt-sync protocol.
+// See MakeStreamHandler to transform this into a LibP2P handler function.
+//
+// Note that the same peer may open parallel streams.
+//
+// The caller must Close the stream.
+func (srv *ReqRespServer) HandleSyncRequest(ctx context.Context, log log.Logger, stream network.Stream) {
+	// may stay 0 if we fail to decode the request
+	start := time.Now()
+
+	// We wait as long as necessary; we throttle the peer instead of disconnecting,
+	// unless the delay reaches a threshold that is unreasonable to wait for.
+	ctx, cancel := context.WithTimeout(ctx, maxThrottleDelay)
+	req, err := srv.handleSyncRequest(ctx, stream)
+	cancel()
+
+	resultCode := byte(0)
+	if err != nil {
+		log.Warn("failed to serve p2p sync request", "req", req, "err", err)
+		if errors.Is(err, ethereum.NotFound) {
+			resultCode = 1
+		} else if errors.Is(err, invalidRequestErr) {
+			resultCode = 2
+		} else {
+			resultCode = 3
+		}
+		// try to write error code, so the other peer can understand the reason for failure.
+		_, _ = stream.Write([]byte{resultCode})
+	} else {
+		log.Debug("successfully served sync response", "req", req)
+	}
+	srv.metrics.ServerPayloadByNumberEvent(req, 0, time.Since(start))
+}
+
+var invalidRequestErr = errors.New("invalid request")
+
+func (srv *ReqRespServer) handleSyncRequest(ctx context.Context, stream network.Stream) (uint64, error) {
+	peerId := stream.Conn().RemotePeer()
+
+	// take a token from the global rate-limiter,
+	// to make sure there's not too much concurrent server work between different peers.
+	if err := srv.globalRequestsRL.Wait(ctx); err != nil {
+		return 0, fmt.Errorf("timed out waiting for global sync rate limit: %w", err)
+	}
+
+	// find rate limiting data of peer, or add otherwise
+	srv.peerStatsLock.Lock()
+	ps, _ := srv.peerRateLimits.Get(peerId)
+	if ps == nil {
+		ps = &peerStat{
+			Requests: rate.NewLimiter(peerServerBlocksRateLimit, peerServerBlocksBurst),
+		}
+		srv.peerRateLimits.Add(peerId, ps)
+		ps.Requests.Reserve() // count the hit, but make it delay the next request rather than immediately waiting
+	} else {
+		// Only wait if it's an existing peer, otherwise the instant rate-limit Wait call always errors.
+
+		// If the requester thinks we're taking too long, then it's their problem and they can disconnect.
+		// We'll disconnect ourselves only when failing to read/write,
+		// if the work is invalid (range validation), or when individual sub tasks timeout.
+		if err := ps.Requests.Wait(ctx); err != nil {
+			return 0, fmt.Errorf("timed out waiting for global sync rate limit: %w", err)
+		}
+	}
+	srv.peerStatsLock.Unlock()
+
+	// Set read deadline, if available
+	_ = stream.SetReadDeadline(time.Now().Add(serverReadRequestTimeout))
+
+	// Read the request
+	var req uint64
+	if err := binary.Read(stream, binary.LittleEndian, &req); err != nil {
+		return 0, fmt.Errorf("failed to read requested block number: %w", err)
+	}
+	if err := stream.CloseRead(); err != nil {
+		return req, fmt.Errorf("failed to close reading-side of a P2P sync request call: %w", err)
+	}
+
+	// Check the request is within the expected range of blocks
+	if req < srv.cfg.Genesis.L2.Number {
+		return req, fmt.Errorf("cannot serve request for L2 block %d before genesis %d: %w", req, srv.cfg.Genesis.L2.Number, invalidRequestErr)
+	}
+	max, err := srv.cfg.TargetBlockNumber(uint64(time.Now().Unix()))
+	if err != nil {
+		return req, fmt.Errorf("cannot determine max target block number to verify request: %w", invalidRequestErr)
+	}
+	if req > max {
+		return req, fmt.Errorf("cannot serve request for L2 block %d after max expected block (%v): %w", req, max, invalidRequestErr)
+	}
+
+	payload, err := srv.l2.PayloadByNumber(ctx, req)
+	if err != nil {
+		if errors.Is(err, ethereum.NotFound) {
+			return req, fmt.Errorf("peer requested unknown block by number: %w", err)
+		} else {
+			return req, fmt.Errorf("failed to retrieve payload to serve to peer: %w", err)
+		}
+	}
+
+	// We set write deadline, if available, to safely write without blocking on a throttling peer connection
+	_ = stream.SetWriteDeadline(time.Now().Add(serverWriteChunkTimeout))
+
+	// 0 - resultCode: success = 0
+	// 1:5 - version: 0
+	var tmp [5]byte
+	if _, err := stream.Write(tmp[:]); err != nil {
+		return req, fmt.Errorf("failed to write response header data: %w", err)
+	}
+	w := snappy.NewBufferedWriter(stream)
+	if _, err := payload.MarshalSSZ(w); err != nil {
+		return req, fmt.Errorf("failed to write payload to sync response: %w", err)
+	}
+	if err := w.Close(); err != nil {
+		return req, fmt.Errorf("failed to finishing writing payload to sync response: %w", err)
+	}
+	return req, nil
+}
diff --git a/components/node/p2p/sync_test.go b/components/node/p2p/sync_test.go
new file mode 100644
index 0000000000..57afb3ffd6
--- /dev/null
+++ b/components/node/p2p/sync_test.go
@@ -0,0 +1,227 @@
+package p2p
+
+import (
+	"context"
+	"math/big"
+	"testing"
+
+	"github.com/ethereum/go-ethereum"
+	"github.com/ethereum/go-ethereum/common"
+	"github.com/ethereum/go-ethereum/log"
+	"github.com/libp2p/go-libp2p/core/host"
+	"github.com/libp2p/go-libp2p/core/network"
+	"github.com/libp2p/go-libp2p/core/peer"
+	mocknet "github.com/libp2p/go-libp2p/p2p/net/mock"
+	"github.com/stretchr/testify/require"
+
+	"github.com/kroma-network/kroma/components/node/eth"
+	"github.com/kroma-network/kroma/components/node/metrics"
+	"github.com/kroma-network/kroma/components/node/rollup"
+	"github.com/kroma-network/kroma/components/node/testlog"
+)
+
+type mockPayloadFn func(n uint64) (*eth.ExecutionPayload, error)
+
+func (fn mockPayloadFn) PayloadByNumber(_ context.Context, number uint64) (*eth.ExecutionPayload, error) {
+	return fn(number)
+}
+
+var _ L2Chain = mockPayloadFn(nil)
+
+func setupSyncTestData(length uint64) (*rollup.Config, map[uint64]*eth.ExecutionPayload, func(i uint64) eth.L2BlockRef) {
+	// minimal rollup config to build mock blocks & verify their time.
+	cfg := &rollup.Config{
+		Genesis: rollup.Genesis{
+			L1:     eth.BlockID{Hash: common.Hash{0xaa}},
+			L2:     eth.BlockID{Hash: common.Hash{0xbb}},
+			L2Time: 9000,
+		},
+		BlockTime: 2,
+		L2ChainID: big.NewInt(1234),
+	}
+
+	// create some simple fake test blocks
+	payloads := make(map[uint64]*eth.ExecutionPayload)
+	payloads[0] = &eth.ExecutionPayload{
+		Timestamp: eth.Uint64Quantity(cfg.Genesis.L2Time),
+	}
+	payloads[0].BlockHash, _ = payloads[0].CheckBlockHash()
+	for i := uint64(1); i <= length; i++ {
+		payload := &eth.ExecutionPayload{
+			ParentHash:  payloads[i-1].BlockHash,
+			BlockNumber: eth.Uint64Quantity(i),
+			Timestamp:   eth.Uint64Quantity(cfg.Genesis.L2Time + i*cfg.BlockTime),
+		}
+		payload.BlockHash, _ = payload.CheckBlockHash()
+		payloads[i] = payload
+	}
+
+	l2Ref := func(i uint64) eth.L2BlockRef {
+		return eth.L2BlockRef{
+			Hash:       payloads[i].BlockHash,
+			Number:     uint64(payloads[i].BlockNumber),
+			ParentHash: payloads[i].ParentHash,
+			Time:       uint64(payloads[i].Timestamp),
+		}
+	}
+	return cfg, payloads, l2Ref
+}
+
+func TestSinglePeerSync(t *testing.T) {
+	t.Parallel() // Takes a while, but can run in parallel
+
+	log := testlog.Logger(t, log.LvlError)
+
+	cfg, payloads, l2Ref := setupSyncTestData(25)
+
+	// Serving payloads: just load them from the map, if they exist
+	servePayload := mockPayloadFn(func(n uint64) (*eth.ExecutionPayload, error) {
+		p, ok := payloads[n]
+		if !ok {
+			return nil, ethereum.NotFound
+		}
+		return p, nil
+	})
+
+	// collect received payloads in a buffered channel, so we can verify we get everything
+	received := make(chan *eth.ExecutionPayload, 100)
+	receivePayload := receivePayloadFn(func(ctx context.Context, from peer.ID, payload *eth.ExecutionPayload) error {
+		received <- payload
+		return nil
+	})
+
+	// Setup 2 minimal test hosts to attach the sync protocol to
+	mnet, err := mocknet.FullMeshConnected(2)
+	require.NoError(t, err, "failed to setup mocknet")
+	defer mnet.Close()
+	hosts := mnet.Hosts()
+	hostA, hostB := hosts[0], hosts[1]
+	require.Equal(t, hostA.Network().Connectedness(hostB.ID()), network.Connected)
+
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	// Setup host A as the server
+	srv := NewReqRespServer(cfg, servePayload, metrics.NoopMetrics)
+	payloadByNumber := MakeStreamHandler(ctx, log.New("role", "server"), srv.HandleSyncRequest)
+	hostA.SetStreamHandler(PayloadByNumberProtocolID(cfg.L2ChainID), payloadByNumber)
+
+	// Setup host B as the client
+	cl := NewSyncClient(log.New("role", "client"), cfg, hostB.NewStream, receivePayload, metrics.NoopMetrics)
+
+	// Setup host B (client) to sync from its peer Host A (server)
+	cl.AddPeer(hostA.ID())
+	cl.Start()
+	defer cl.Close()
+
+	// request to start syncing between 10 and 20
+	require.NoError(t, cl.RequestL2Range(ctx, l2Ref(10), l2Ref(20)))
+
+	// and wait for the sync results to come in (in reverse order)
+	for i := uint64(19); i > 10; i-- {
+		p := <-received
+		require.Equal(t, uint64(p.BlockNumber), i, "expecting payloads in order")
+		exp, ok := payloads[uint64(p.BlockNumber)]
+		require.True(t, ok, "expecting known payload")
+		require.Equal(t, exp.BlockHash, p.BlockHash, "expecting the correct payload")
+	}
+}
+
+func TestMultiPeerSync(t *testing.T) {
+	t.Parallel() // Takes a while, but can run in parallel
+
+	log := testlog.Logger(t, log.LvlError)
+
+	cfg, payloads, l2Ref := setupSyncTestData(100)
+
+	setupPeer := func(ctx context.Context, h host.Host) (*SyncClient, chan *eth.ExecutionPayload) {
+		// Serving payloads: just load them from the map, if they exist
+		servePayload := mockPayloadFn(func(n uint64) (*eth.ExecutionPayload, error) {
+			p, ok := payloads[n]
+			if !ok {
+				return nil, ethereum.NotFound
+			}
+			return p, nil
+		})
+
+		// collect received payloads in a buffered channel, so we can verify we get everything
+		received := make(chan *eth.ExecutionPayload, 100)
+		receivePayload := receivePayloadFn(func(ctx context.Context, from peer.ID, payload *eth.ExecutionPayload) error {
+			received <- payload
+			return nil
+		})
+
+		// Setup as server
+		srv := NewReqRespServer(cfg, servePayload, metrics.NoopMetrics)
+		payloadByNumber := MakeStreamHandler(ctx, log.New("serve", "payloads_by_number"), srv.HandleSyncRequest)
+		h.SetStreamHandler(PayloadByNumberProtocolID(cfg.L2ChainID), payloadByNumber)
+
+		cl := NewSyncClient(log.New("role", "client"), cfg, h.NewStream, receivePayload, metrics.NoopMetrics)
+		return cl, received
+	}
+
+	// Setup 3 minimal test hosts to attach the sync protocol to
+	mnet, err := mocknet.FullMeshConnected(3)
+	require.NoError(t, err, "failed to setup mocknet")
+	defer mnet.Close()
+	hosts := mnet.Hosts()
+	hostA, hostB, hostC := hosts[0], hosts[1], hosts[2]
+	require.Equal(t, hostA.Network().Connectedness(hostB.ID()), network.Connected)
+
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	clA, recvA := setupPeer(ctx, hostA)
+	clB, recvB := setupPeer(ctx, hostB)
+	clC, _ := setupPeer(ctx, hostC)
+
+	// Make them all sync from each other
+	clA.AddPeer(hostB.ID())
+	clA.AddPeer(hostC.ID())
+	clA.Start()
+	defer clA.Close()
+	clB.AddPeer(hostA.ID())
+	clB.AddPeer(hostC.ID())
+	clB.Start()
+	defer clB.Close()
+	clC.AddPeer(hostA.ID())
+	clC.AddPeer(hostB.ID())
+	clC.Start()
+	defer clC.Close()
+
+	// request to start syncing between 10 and 100
+	require.NoError(t, clA.RequestL2Range(ctx, l2Ref(10), l2Ref(90)))
+
+	// With such large range to request we are going to hit the rate-limits of B and C,
+	// but that means we'll balance the work between the peers.
+	p := <-recvA
+	exp, ok := payloads[uint64(p.BlockNumber)]
+	require.True(t, ok, "expecting known payload")
+	require.Equal(t, exp.BlockHash, p.BlockHash, "expecting the correct payload")
+
+	// now see if B can sync a range, and fill the gap with a re-request
+	bl25 := payloads[25] // temporarily remove it from the available payloads. This will create a gap
+	delete(payloads, uint64(25))
+	require.NoError(t, clB.RequestL2Range(ctx, l2Ref(20), l2Ref(30)))
+	for i := uint64(29); i > 25; i-- {
+		p := <-recvB
+		exp, ok := payloads[uint64(p.BlockNumber)]
+		require.True(t, ok, "expecting known payload")
+		require.Equal(t, exp.BlockHash, p.BlockHash, "expecting the correct payload")
+	}
+	// the request for 25 should fail. See:
+	// server: WARN  peer requested unknown block by number   num=25
+	// client: WARN  failed p2p sync request    num=25 err="peer failed to serve request with code 1"
+	require.Zero(t, len(recvB), "there is a gap, should not see other payloads yet")
+	// Add back the block
+	payloads[25] = bl25
+	// And request a range again, 25 is there now, and 21-24 should follow quickly (some may already have been fetched and wait in quarantine)
+	require.NoError(t, clB.RequestL2Range(ctx, l2Ref(20), l2Ref(26)))
+
+	for i := uint64(25); i > 20; i-- {
+		p := <-recvB
+		exp, ok := payloads[uint64(p.BlockNumber)]
+		require.True(t, ok, "expecting known payload")
+		require.Equal(t, exp.BlockHash, p.BlockHash, "expecting the correct payload")
+	}
+}
diff --git a/components/node/rollup/derive/calldata_source.go b/components/node/rollup/derive/calldata_source.go
index e81bd040a7..e187e3506d 100644
--- a/components/node/rollup/derive/calldata_source.go
+++ b/components/node/rollup/derive/calldata_source.go
@@ -36,7 +36,7 @@ func NewDataSourceFactory(log log.Logger, cfg *rollup.Config, fetcher L1Transact
 	return &DataSourceFactory{log: log, cfg: cfg, fetcher: fetcher}
 }
 
-// OpenData returns a CalldataSourceImpl. This struct implements the `Next` function.
+// OpenData returns a DataIter. This struct implements the `Next` function.
 func (ds *DataSourceFactory) OpenData(ctx context.Context, id eth.BlockID, batcherAddr common.Address) DataIter {
 	return NewDataSource(ctx, ds.log, ds.cfg, ds.fetcher, id, batcherAddr)
 }
diff --git a/components/node/rollup/derive/channel_bank.go b/components/node/rollup/derive/channel_bank.go
index 42050d7c30..723b4ace78 100644
--- a/components/node/rollup/derive/channel_bank.go
+++ b/components/node/rollup/derive/channel_bank.go
@@ -124,6 +124,7 @@ func (cb *ChannelBank) Read() (data []byte, err error) {
 	if !ch.IsReady() {
 		return nil, io.EOF
 	}
+	cb.log.Info("Reading channel", "channel", first, "frames", len(ch.inputs))
 
 	delete(cb.channels, first)
 	cb.channelQueue = cb.channelQueue[1:]
diff --git a/components/node/rollup/derive/channel_in_reader.go b/components/node/rollup/derive/channel_in_reader.go
index 786b513886..39cfe408b1 100644
--- a/components/node/rollup/derive/channel_in_reader.go
+++ b/components/node/rollup/derive/channel_in_reader.go
@@ -21,15 +21,18 @@ type ChannelInReader struct {
 	nextBatchFn func() (BatchWithL1InclusionBlock, error)
 
 	prev *ChannelBank
+
+	metrics Metrics
 }
 
 var _ ResetableStage = (*ChannelInReader)(nil)
 
 // NewChannelInReader creates a ChannelInReader, which should be Reset(origin) before use.
-func NewChannelInReader(log log.Logger, prev *ChannelBank) *ChannelInReader {
+func NewChannelInReader(log log.Logger, prev *ChannelBank, metrics Metrics) *ChannelInReader {
 	return &ChannelInReader{
-		log:  log,
-		prev: prev,
+		log:     log,
+		prev:    prev,
+		metrics: metrics,
 	}
 }
 
@@ -41,6 +44,7 @@ func (cr *ChannelInReader) Origin() eth.L1BlockRef {
 func (cr *ChannelInReader) WriteChannel(data []byte) error {
 	if f, err := BatchReader(bytes.NewBuffer(data), cr.Origin()); err == nil {
 		cr.nextBatchFn = f
+		cr.metrics.RecordChannelInputBytes(len(data))
 		return nil
 	} else {
 		cr.log.Error("Error creating batch reader from channel data", "err", err)
diff --git a/components/node/rollup/derive/channel_out.go b/components/node/rollup/derive/channel_out.go
index 302dd22ee8..67732df1d0 100644
--- a/components/node/rollup/derive/channel_out.go
+++ b/components/node/rollup/derive/channel_out.go
@@ -15,9 +15,17 @@ import (
 	"github.com/kroma-network/kroma/components/node/rollup"
 )
 
+var ErrMaxFrameSizeTooSmall = errors.New("maxSize is too small to fit the fixed frame overhead")
 var ErrNotDepositTx = errors.New("first transaction in block is not a deposit tx")
 var ErrTooManyRLPBytes = errors.New("batch would cause RLP bytes to go over limit")
 
+// FrameV0OverHeadSize is the absolute minimum size of a frame.
+// This is the fixed overhead frame size, calculated as specified
+// in the [Frame Format] specs: 16 + 2 + 4 + 1 = 23 bytes.
+//
+// [Frame Format]: https://github.com/ethereum-optimism/optimism/blob/develop/specs/derivation.md#frame-format
+const FrameV0OverHeadSize = 23
+
 type ChannelOut struct {
 	id ChannelID
 	// Frame ID of the next frame to emit. Increment after emitting
@@ -142,19 +150,23 @@ func (co *ChannelOut) Close() error {
 // OutputFrame writes a frame to w with a given max size and returns the frame
 // number.
 // Use `ReadyBytes`, `Flush`, and `Close` to modify the ready buffer.
-// Returns io.EOF when the channel is closed & there are no more frames
+// Returns an error if the `maxSize` < FrameV0OverHeadSize.
+// Returns io.EOF when the channel is closed & there are no more frames.
 // Returns nil if there is still more buffered data.
-// Returns and error if it ran into an error during processing.
+// Returns an error if it ran into an error during processing.
 func (co *ChannelOut) OutputFrame(w *bytes.Buffer, maxSize uint64) (uint16, error) {
 	f := Frame{
 		ID:          co.id,
 		FrameNumber: uint16(co.frame),
 	}
 
+	// Check that the maxSize is large enough for the frame overhead size.
+	if maxSize < FrameV0OverHeadSize {
+		return 0, ErrMaxFrameSizeTooSmall
+	}
+
 	// Copy data from the local buffer into the frame data buffer
-	// Don't go past the maxSize with the fixed frame overhead.
-	// Fixed overhead: 16 + 2 + 4 + 1 = 23 bytes.
-	maxDataSize := maxSize - 23
+	maxDataSize := maxSize - FrameV0OverHeadSize
 	if maxDataSize > uint64(co.buf.Len()) {
 		maxDataSize = uint64(co.buf.Len())
 		// If we are closed & will not spill past the current frame
@@ -195,6 +207,9 @@ func BlockToBatch(block *types.Block) (*BatchData, L1BlockInfo, error) {
 		}
 		opaqueTxs = append(opaqueTxs, otx)
 	}
+	if len(block.Transactions()) == 0 {
+		return nil, L1BlockInfo{}, fmt.Errorf("block %v has no transactions", block.Hash())
+	}
 	l1InfoTx := block.Transactions()[0]
 	if l1InfoTx.Type() != types.DepositTxType {
 		return nil, L1BlockInfo{}, ErrNotDepositTx
diff --git a/components/node/rollup/derive/channel_out_test.go b/components/node/rollup/derive/channel_out_test.go
index ea6eeac367..167d8aee0e 100644
--- a/components/node/rollup/derive/channel_out_test.go
+++ b/components/node/rollup/derive/channel_out_test.go
@@ -29,6 +29,22 @@ func TestChannelOutAddBlock(t *testing.T) {
 	})
 }
 
+// TestOutputFrameSmallMaxSize tests that calling [OutputFrame] with a small
+// max size that is below the fixed frame size overhead of 23, will return
+// an error.
+func TestOutputFrameSmallMaxSize(t *testing.T) {
+	cout, err := NewChannelOut()
+	require.NoError(t, err)
+
+	// Call OutputFrame with the range of small max size values that err
+	var w bytes.Buffer
+	for i := 0; i < 23; i++ {
+		fid, err := cout.OutputFrame(&w, uint64(i))
+		require.ErrorIs(t, err, ErrMaxFrameSizeTooSmall)
+		require.Zero(t, fid)
+	}
+}
+
 // TestRLPByteLimit ensures that stream encoder is properly limiting the length.
 // It will decode the input if `len(input) <= inputLimit`.
 func TestRLPByteLimit(t *testing.T) {
@@ -116,3 +132,9 @@ func TestForceCloseTxData(t *testing.T) {
 		}
 	}
 }
+
+func TestBlockToBatchValidity(t *testing.T) {
+	block := new(types.Block)
+	_, _, err := BlockToBatch(block)
+	require.ErrorContains(t, err, "has no transactions")
+}
diff --git a/components/node/rollup/derive/engine_queue.go b/components/node/rollup/derive/engine_queue.go
index 1a574cf736..3a87f241ed 100644
--- a/components/node/rollup/derive/engine_queue.go
+++ b/components/node/rollup/derive/engine_queue.go
@@ -107,7 +107,7 @@ type EngineQueue struct {
 	// The queued-up attributes
 	safeAttributesParent eth.L2BlockRef
 	safeAttributes       *eth.PayloadAttributes
-	unsafePayloads       PayloadsQueue // queue of unsafe payloads, ordered by ascending block number, may have gaps
+	unsafePayloads       *PayloadsQueue // queue of unsafe payloads, ordered by ascending block number, may have gaps and duplicates
 
 	// Tracks which L2 blocks where last derived from which L1 block. At most finalityLookback large.
 	finalityData []FinalityData
@@ -127,18 +127,14 @@ var _ EngineControl = (*EngineQueue)(nil)
 // NewEngineQueue creates a new EngineQueue, which should be Reset(origin) before use.
 func NewEngineQueue(log log.Logger, cfg *rollup.Config, engine Engine, metrics Metrics, prev NextAttributesProvider, l1Fetcher L1Fetcher) *EngineQueue {
 	return &EngineQueue{
-		log:          log,
-		cfg:          cfg,
-		engine:       engine,
-		metrics:      metrics,
-		finalityData: make([]FinalityData, 0, finalityLookback),
-		unsafePayloads: PayloadsQueue{
-			MaxSize:  maxUnsafePayloadsMemory,
-			SizeFn:   payloadMemSize,
-			blockNos: make(map[uint64]bool),
-		},
-		prev:      prev,
-		l1Fetcher: l1Fetcher,
+		log:            log,
+		cfg:            cfg,
+		engine:         engine,
+		metrics:        metrics,
+		finalityData:   make([]FinalityData, 0, finalityLookback),
+		unsafePayloads: NewPayloadsQueue(maxUnsafePayloadsMemory, payloadMemSize),
+		prev:           prev,
+		l1Fetcher:      l1Fetcher,
 	}
 }
 
@@ -473,7 +469,7 @@ func (eq *EngineQueue) consolidateNextSafeAttributes(ctx context.Context) error
 		return NewTemporaryError(fmt.Errorf("failed to get existing unsafe payload to compare against derived attributes from L1: %w", err))
 	}
 	if err := AttributesMatchBlock(eq.safeAttributes, eq.safeHead.Hash, payload, eq.log); err != nil {
-		eq.log.Warn("L2 reorg: existing unsafe block does not match derived attributes from L1", "err", err)
+		eq.log.Warn("L2 reorg: existing unsafe block does not match derived attributes from L1", "err", err, "unsafe", eq.unsafeHead, "safe", eq.safeHead)
 		// geth cannot wind back a chain without reorging to a new, previously non-canonical, block
 		return eq.forceNextSafeAttributes(ctx)
 	}
@@ -682,19 +678,15 @@ func (eq *EngineQueue) Reset(ctx context.Context, _ eth.L1BlockRef, _ eth.System
 	return io.EOF
 }
 
-// GetUnsafeQueueGap retrieves the current [start, end] range of the gap between the tip of the unsafe priority queue and the unsafe head.
-// If there is no gap, the difference between end and start will be 0.
-func (eq *EngineQueue) GetUnsafeQueueGap(expectedNumber uint64) (start uint64, end uint64) {
-	// The start of the gap is always the unsafe head + 1
-	start = eq.unsafeHead.Number + 1
-
-	// If the priority queue is empty, the end is the first block number at the top of the priority queue
-	// Otherwise, the end is the expected block number
+// UnsafeL2SyncTarget retrieves the first queued-up L2 unsafe payload, or a zeroed reference if there is none.
+func (eq *EngineQueue) UnsafeL2SyncTarget() eth.L2BlockRef {
 	if first := eq.unsafePayloads.Peek(); first != nil {
-		end = first.ID().Number
+		ref, err := PayloadToBlockRef(first, &eq.cfg.Genesis)
+		if err != nil {
+			return eth.L2BlockRef{}
+		}
+		return ref
 	} else {
-		end = expectedNumber
+		return eth.L2BlockRef{}
 	}
-
-	return start, end
 }
diff --git a/components/node/rollup/derive/payloads_queue.go b/components/node/rollup/derive/payloads_queue.go
index 2eeda24e49..9cc8a4e7f0 100644
--- a/components/node/rollup/derive/payloads_queue.go
+++ b/components/node/rollup/derive/payloads_queue.go
@@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 
+	"github.com/ethereum/go-ethereum/common"
 	"github.com/kroma-network/kroma/components/node/eth"
 )
 
@@ -49,7 +50,7 @@ func (pq *payloadsByNumber) Pop() any {
 
 const (
 	// ~580 bytes per payload, with some margin for overhead
-	payloadMemFixedCost uint64 = 600
+	payloadMemFixedCost uint64 = 800
 	// 24 bytes per tx overhead (size of slice header in memory)
 	payloadTxMemOverhead uint64 = 24
 )
@@ -72,15 +73,25 @@ func payloadMemSize(p *eth.ExecutionPayload) uint64 {
 // without the need to use heap.Push/heap.Pop as caller.
 // PayloadsQueue maintains a MaxSize by counting and tracking sizes of added eth.ExecutionPayload entries.
 // When the size grows too large, the first (lowest block-number) payload is removed from the queue.
-// PayloadsQueue allows entries with same block number, or even full duplicates.
+// PayloadsQueue allows entries with same block number, but does not allow duplicate blocks
 type PayloadsQueue struct {
 	pq          payloadsByNumber
 	currentSize uint64
 	MaxSize     uint64
-	blockNos    map[uint64]bool
+	blockHashes map[common.Hash]struct{}
 	SizeFn      func(p *eth.ExecutionPayload) uint64
 }
 
+func NewPayloadsQueue(maxSize uint64, sizeFn func(p *eth.ExecutionPayload) uint64) *PayloadsQueue {
+	return &PayloadsQueue{
+		pq:          nil,
+		currentSize: 0,
+		MaxSize:     maxSize,
+		blockHashes: make(map[common.Hash]struct{}),
+		SizeFn:      sizeFn,
+	}
+}
+
 func (upq *PayloadsQueue) Len() int {
 	return len(upq.pq)
 }
@@ -100,8 +111,8 @@ func (upq *PayloadsQueue) Push(p *eth.ExecutionPayload) error {
 	if p == nil {
 		return errors.New("cannot add nil payload")
 	}
-	if upq.blockNos[p.ID().Number] {
-		return errors.New("cannot add duplicate payload")
+	if _, ok := upq.blockHashes[p.BlockHash]; ok {
+		return fmt.Errorf("cannot add duplicate payload %s", p.ID())
 	}
 	size := upq.SizeFn(p)
 	if size > upq.MaxSize {
@@ -115,7 +126,7 @@ func (upq *PayloadsQueue) Push(p *eth.ExecutionPayload) error {
 	for upq.currentSize > upq.MaxSize {
 		upq.Pop()
 	}
-	upq.blockNos[p.ID().Number] = true
+	upq.blockHashes[p.BlockHash] = struct{}{}
 	return nil
 }
 
@@ -137,7 +148,7 @@ func (upq *PayloadsQueue) Pop() *eth.ExecutionPayload {
 	}
 	ps := heap.Pop(&upq.pq).(payloadAndSize) // nosemgrep
 	upq.currentSize -= ps.size
-	// remove the key from the blockNos map
-	delete(upq.blockNos, ps.payload.ID().Number)
+	// remove the key from the block hashes map
+	delete(upq.blockHashes, ps.payload.BlockHash)
 	return ps.payload
 }
diff --git a/components/node/rollup/derive/payloads_queue_test.go b/components/node/rollup/derive/payloads_queue_test.go
index 86f8e4a8ef..bb024b93a2 100644
--- a/components/node/rollup/derive/payloads_queue_test.go
+++ b/components/node/rollup/derive/payloads_queue_test.go
@@ -4,6 +4,7 @@ import (
 	"container/heap"
 	"testing"
 
+	"github.com/ethereum/go-ethereum/common"
 	"github.com/stretchr/testify/require"
 
 	"github.com/kroma-network/kroma/components/node/eth"
@@ -74,20 +75,17 @@ func TestPayloadMemSize(t *testing.T) {
 }
 
 func TestPayloadsQueue(t *testing.T) {
-	pq := PayloadsQueue{
-		MaxSize:  payloadMemFixedCost * 3,
-		SizeFn:   payloadMemSize,
-		blockNos: make(map[uint64]bool),
-	}
+	pq := NewPayloadsQueue(payloadMemFixedCost*3, payloadMemSize)
 	require.Equal(t, 0, pq.Len())
 	require.Equal(t, (*eth.ExecutionPayload)(nil), pq.Peek())
 	require.Equal(t, (*eth.ExecutionPayload)(nil), pq.Pop())
 
-	a := &eth.ExecutionPayload{BlockNumber: 3}
-	b := &eth.ExecutionPayload{BlockNumber: 4}
-	c := &eth.ExecutionPayload{BlockNumber: 5}
-	d := &eth.ExecutionPayload{BlockNumber: 6}
-	bAlt := &eth.ExecutionPayload{BlockNumber: 4}
+	a := &eth.ExecutionPayload{BlockNumber: 3, BlockHash: common.Hash{3}}
+	b := &eth.ExecutionPayload{BlockNumber: 4, BlockHash: common.Hash{4}}
+	c := &eth.ExecutionPayload{BlockNumber: 5, BlockHash: common.Hash{5}}
+	d := &eth.ExecutionPayload{BlockNumber: 6, BlockHash: common.Hash{6}}
+	bAlt := &eth.ExecutionPayload{BlockNumber: 4, BlockHash: common.Hash{0xff}}
+	bDup := &eth.ExecutionPayload{BlockNumber: 4, BlockHash: common.Hash{4}}
 	require.NoError(t, pq.Push(b))
 	require.Equal(t, pq.Len(), 1)
 	require.Equal(t, pq.Peek(), b)
@@ -130,7 +128,9 @@ func TestPayloadsQueue(t *testing.T) {
 	require.Equal(t, pq.Peek(), a)
 
 	// No duplicates allowed
-	require.Error(t, pq.Push(bAlt))
+	require.Error(t, pq.Push(bDup))
+	// But reorg data allowed
+	require.NoError(t, pq.Push(bAlt))
 
 	require.NoError(t, pq.Push(d))
 	require.Equal(t, pq.Len(), 3)
diff --git a/components/node/rollup/derive/pipeline.go b/components/node/rollup/derive/pipeline.go
index 3c1ba0d8af..9058820dee 100644
--- a/components/node/rollup/derive/pipeline.go
+++ b/components/node/rollup/derive/pipeline.go
@@ -15,6 +15,7 @@ type Metrics interface {
 	RecordL1Ref(name string, ref eth.L1BlockRef)
 	RecordL2Ref(name string, ref eth.L2BlockRef)
 	RecordUnsafePayloadsBuffer(length uint64, memSize uint64, next eth.BlockID)
+	RecordChannelInputBytes(inputCompressedBytes int)
 }
 
 type L1Fetcher interface {
@@ -51,7 +52,7 @@ type EngineQueueStage interface {
 
 	Finalize(l1Origin eth.L1BlockRef)
 	AddUnsafePayload(payload *eth.ExecutionPayload)
-	GetUnsafeQueueGap(expectedNumber uint64) (uint64, uint64)
+	UnsafeL2SyncTarget() eth.L2BlockRef
 	Step(context.Context) error
 }
 
@@ -82,7 +83,7 @@ func NewDerivationPipeline(log log.Logger, cfg *rollup.Config, l1Fetcher L1Fetch
 	l1Src := NewL1Retrieval(log, dataSrc, l1Traversal)
 	frameQueue := NewFrameQueue(log, l1Src)
 	bank := NewChannelBank(log, cfg, frameQueue, l1Fetcher)
-	chInReader := NewChannelInReader(log, bank)
+	chInReader := NewChannelInReader(log, bank, metrics)
 	batchQueue := NewBatchQueue(log, cfg, chInReader)
 	attrBuilder := NewFetchingAttributesBuilder(cfg, l1Fetcher, engine)
 	attributesQueue := NewAttributesQueue(log, cfg, attrBuilder, batchQueue)
@@ -167,10 +168,9 @@ func (dp *DerivationPipeline) AddUnsafePayload(payload *eth.ExecutionPayload) {
 	dp.eng.AddUnsafePayload(payload)
 }
 
-// GetUnsafeQueueGap retrieves the current [start, end] range of the gap between the tip of the unsafe priority queue and the unsafe head.
-// If there is no gap, the start and end will be 0.
-func (dp *DerivationPipeline) GetUnsafeQueueGap(expectedNumber uint64) (uint64, uint64) {
-	return dp.eng.GetUnsafeQueueGap(expectedNumber)
+// UnsafeL2SyncTarget retrieves the first queued-up L2 unsafe payload, or a zeroed reference if there is none.
+func (dp *DerivationPipeline) UnsafeL2SyncTarget() eth.L2BlockRef {
+	return dp.eng.UnsafeL2SyncTarget()
 }
 
 // Step tries to progress the buffer.
diff --git a/components/node/rollup/derive/system_config.go b/components/node/rollup/derive/system_config.go
index 181906f171..07e0024b4d 100644
--- a/components/node/rollup/derive/system_config.go
+++ b/components/node/rollup/derive/system_config.go
@@ -70,13 +70,13 @@ func ProcessSystemConfigUpdateLogEvent(destSysCfg *eth.SystemConfig, ev *types.L
 		return fmt.Errorf("expected 3 event topics (event identity, indexed version, indexed updateType), got %d", len(ev.Topics))
 	}
 	if ev.Topics[0] != ConfigUpdateEventABIHash {
-		return fmt.Errorf("invalid deposit event selector: %s, expected %s", ev.Topics[0], DepositEventABIHash)
+		return fmt.Errorf("invalid SystemConfig update event: %s, expected %s", ev.Topics[0], ConfigUpdateEventABIHash)
 	}
 
 	// indexed 0
 	version := ev.Topics[1]
 	if version != ConfigUpdateEventVersion0 {
-		return fmt.Errorf("unrecognized L1 sysCfg update event version: %s", version)
+		return fmt.Errorf("unrecognized SystemConfig update event version: %s", version)
 	}
 	// indexed 1
 	updateType := ev.Topics[2]
diff --git a/components/node/rollup/derive/system_config_test.go b/components/node/rollup/derive/system_config_test.go
new file mode 100644
index 0000000000..6306422bbd
--- /dev/null
+++ b/components/node/rollup/derive/system_config_test.go
@@ -0,0 +1,171 @@
+package derive
+
+import (
+	"math/big"
+	"testing"
+
+	"github.com/ethereum/go-ethereum/accounts/abi"
+	"github.com/ethereum/go-ethereum/common"
+	"github.com/ethereum/go-ethereum/core/types"
+	"github.com/stretchr/testify/require"
+
+	"github.com/kroma-network/kroma/components/node/eth"
+)
+
+var (
+	// ABI encoding helpers
+	dynBytes, _ = abi.NewType("bytes", "", nil)
+	address, _  = abi.NewType("address", "", nil)
+	uint256T, _ = abi.NewType("uint256", "", nil)
+	addressArgs = abi.Arguments{
+		{Type: address},
+	}
+	bytesArgs = abi.Arguments{
+		{Type: dynBytes},
+	}
+	twoUint256 = abi.Arguments{
+		{Type: uint256T},
+		{Type: uint256T},
+	}
+	oneUint256 = abi.Arguments{
+		{Type: uint256T},
+	}
+)
+
+// TestProcessSystemConfigUpdateLogEvent tests the parsing of an event and mutating the
+// SystemConfig. The hook will build the ABI encoded data dynamically. All tests create
+// a new SystemConfig and apply a log against it and then assert that the mutated system
+// config is equal to the defined system config in the test.
+func TestProcessSystemConfigUpdateLogEvent(t *testing.T) {
+	tests := []struct {
+		name   string
+		log    *types.Log
+		config eth.SystemConfig
+		hook   func(*testing.T, *types.Log) *types.Log
+		err    bool
+	}{
+		{
+			// The log data is ignored by consensus and no modifications to the
+			// system config occur.
+			name: "SystemConfigUpdateUnsafeBlockSigner",
+			log: &types.Log{
+				Topics: []common.Hash{
+					ConfigUpdateEventABIHash,
+					ConfigUpdateEventVersion0,
+					SystemConfigUpdateUnsafeBlockSigner,
+				},
+			},
+			hook: func(t *testing.T, log *types.Log) *types.Log {
+				addr := common.Address{}
+				data, err := addressArgs.Pack(&addr)
+				require.NoError(t, err)
+				log.Data = data
+				return log
+			},
+			config: eth.SystemConfig{},
+			err:    false,
+		},
+		{
+			// The batcher address should be updated.
+			name: "SystemConfigUpdateBatcher",
+			log: &types.Log{
+				Topics: []common.Hash{
+					ConfigUpdateEventABIHash,
+					ConfigUpdateEventVersion0,
+					SystemConfigUpdateBatcher,
+				},
+			},
+			hook: func(t *testing.T, log *types.Log) *types.Log {
+				addr := common.Address{19: 0xaa}
+				addrData, err := addressArgs.Pack(&addr)
+				require.NoError(t, err)
+				data, err := bytesArgs.Pack(addrData)
+				require.NoError(t, err)
+				log.Data = data
+				return log
+			},
+			config: eth.SystemConfig{
+				BatcherAddr: common.Address{19: 0xaa},
+			},
+			err: false,
+		},
+		{
+			// The overhead and the scalar should be updated.
+			name: "SystemConfigUpdateGasConfig",
+			log: &types.Log{
+				Topics: []common.Hash{
+					ConfigUpdateEventABIHash,
+					ConfigUpdateEventVersion0,
+					SystemConfigUpdateGasConfig,
+				},
+			},
+			hook: func(t *testing.T, log *types.Log) *types.Log {
+				overhead := big.NewInt(0xff)
+				scalar := big.NewInt(0xaa)
+				numberData, err := twoUint256.Pack(overhead, scalar)
+				require.NoError(t, err)
+				data, err := bytesArgs.Pack(numberData)
+				require.NoError(t, err)
+				log.Data = data
+				return log
+			},
+			config: eth.SystemConfig{
+				Overhead: eth.Bytes32{31: 0xff},
+				Scalar:   eth.Bytes32{31: 0xaa},
+			},
+			err: false,
+		},
+		{
+			// The gas limit should be updated.
+			name: "SystemConfigUpdateGasLimit",
+			log: &types.Log{
+				Topics: []common.Hash{
+					ConfigUpdateEventABIHash,
+					ConfigUpdateEventVersion0,
+					SystemConfigUpdateGasLimit,
+				},
+			},
+			hook: func(t *testing.T, log *types.Log) *types.Log {
+				gasLimit := big.NewInt(0xbb)
+				numberData, err := oneUint256.Pack(gasLimit)
+				require.NoError(t, err)
+				data, err := bytesArgs.Pack(numberData)
+				require.NoError(t, err)
+				log.Data = data
+				return log
+			},
+			config: eth.SystemConfig{
+				GasLimit: 0xbb,
+			},
+			err: false,
+		},
+		{
+			name: "SystemConfigOneTopic",
+			log: &types.Log{
+				Topics: []common.Hash{
+					ConfigUpdateEventABIHash,
+				},
+			},
+			hook: func(t *testing.T, log *types.Log) *types.Log {
+				return log
+			},
+			config: eth.SystemConfig{},
+			err:    true,
+		},
+	}
+
+	for _, test := range tests {
+		test := test
+		t.Run(test.name, func(t *testing.T) {
+			config := eth.SystemConfig{}
+
+			err := ProcessSystemConfigUpdateLogEvent(&config, test.hook(t, test.log))
+			if test.err {
+				require.Error(t, err)
+			} else {
+				require.NoError(t, err)
+			}
+			require.Equal(t, config, test.config)
+		})
+	}
+}
diff --git a/components/node/rollup/driver/config.go b/components/node/rollup/driver/config.go
index 6bf7acfad3..f2107331bc 100644
--- a/components/node/rollup/driver/config.go
+++ b/components/node/rollup/driver/config.go
@@ -16,4 +16,8 @@ type Config struct {
 
 	// ProposerStopped is false when the driver should propose new blocks.
 	ProposerStopped bool `json:"proposer_stopped"`
+
+	// ProposerMaxSafeLag is the maximum number of L2 blocks for restricting the distance between L2 safe and unsafe.
+	// Disabled if 0.
+	ProposerMaxSafeLag uint64 `json:"proposer_max_safe_lag"`
 }
diff --git a/components/node/rollup/driver/driver.go b/components/node/rollup/driver/driver.go
index 1a30f45792..ba27b0ed4b 100644
--- a/components/node/rollup/driver/driver.go
+++ b/components/node/rollup/driver/driver.go
@@ -10,7 +10,6 @@ import (
 	"github.com/kroma-network/kroma/components/node/eth"
 	"github.com/kroma-network/kroma/components/node/rollup"
 	"github.com/kroma-network/kroma/components/node/rollup/derive"
-	"github.com/kroma-network/kroma/components/node/sources"
 )
 
 type Metrics interface {
@@ -22,6 +21,7 @@ type Metrics interface {
 
 	RecordL1Ref(name string, ref eth.L1BlockRef)
 	RecordL2Ref(name string, ref eth.L2BlockRef)
+	RecordChannelInputBytes(inputCompressedBytes int)
 
 	RecordUnsafePayloadsBuffer(length uint64, memSize uint64, next eth.BlockID)
 
@@ -49,7 +49,7 @@ type DerivationPipeline interface {
 	Reset()
 	Step(ctx context.Context) error
 	AddUnsafePayload(payload *eth.ExecutionPayload)
-	GetUnsafeQueueGap(expectedNumber uint64) (uint64, uint64)
+	UnsafeL2SyncTarget() eth.L2BlockRef
 	Finalize(ref eth.L1BlockRef)
 	FinalizedL1() eth.L1BlockRef
 	Finalized() eth.L2BlockRef
@@ -82,8 +82,27 @@ type Network interface {
 	PublishL2Payload(ctx context.Context, payload *eth.ExecutionPayload) error
 }
 
+type AltSync interface {
+	// RequestL2Range informs the sync source that the given range of L2 blocks is missing,
+	// and should be retrieved from any available alternative syncing source.
+	// The start and end of the range are exclusive:
+	// the start is the head we already have, the end is the first thing we have queued up.
+	// It's the task of the alt-sync mechanism to use this hint to fetch the right payloads.
+	// Note that the end and start may not be consistent: in this case the sync method should fetch older history
+	//
+	// If the end value is zeroed, then the sync-method may determine the end free of choice,
+	// e.g. sync till the chain head meets the wallclock time. This functionality is optional:
+	// a fixed target to sync towards may be determined by picking up payloads through P2P gossip or other sources.
+	//
+	// The sync results should be returned back to the driver via the OnUnsafeL2Payload(ctx, payload) method.
+	// The latest requested range should always take priority over previous requests.
+	// There may be overlaps in requested ranges.
+	// An error may be returned if the scheduling fails immediately, e.g. a context timeout.
+	RequestL2Range(ctx context.Context, start, end eth.L2BlockRef) error
+}
+
 // NewDriver composes an events handler that tracks L1 state, triggers L2 derivation, and optionally proposes new L2 blocks.
-func NewDriver(driverCfg *Config, cfg *rollup.Config, l2 L2Chain, l1 L1Chain, syncClient *sources.SyncClient, network Network, log log.Logger, snapshotLog log.Logger, metrics Metrics) *Driver {
+func NewDriver(driverCfg *Config, cfg *rollup.Config, l2 L2Chain, l1 L1Chain, altSync AltSync, network Network, log log.Logger, snapshotLog log.Logger, metrics Metrics) *Driver {
 	l1State := NewL1State(log, metrics)
 	proposerConfDepth := NewConfDepth(driverCfg.ProposerConfDepth, l1State.L1Head, l1)
 	findL1Origin := NewL1OriginSelector(log, cfg, proposerConfDepth)
@@ -115,6 +134,6 @@ func NewDriver(driverCfg *Config, cfg *rollup.Config, l2 L2Chain, l1 L1Chain, sy
 		l1SafeSig:        make(chan eth.L1BlockRef, 10),
 		l1FinalizedSig:   make(chan eth.L1BlockRef, 10),
 		unsafeL2Payloads: make(chan *eth.ExecutionPayload, 10),
-		L2SyncCl:         syncClient,
+		altSync:          altSync,
 	}
 }
diff --git a/components/node/rollup/driver/state.go b/components/node/rollup/driver/state.go
index 02a45d7f96..887ab34793 100644
--- a/components/node/rollup/driver/state.go
+++ b/components/node/rollup/driver/state.go
@@ -16,7 +16,6 @@ import (
 	"github.com/kroma-network/kroma/components/node/eth"
 	"github.com/kroma-network/kroma/components/node/rollup"
 	"github.com/kroma-network/kroma/components/node/rollup/derive"
-	"github.com/kroma-network/kroma/components/node/sources"
 	"github.com/kroma-network/kroma/utils/service/backoff"
 )
 
@@ -64,8 +63,8 @@ type Driver struct {
 	l1SafeSig      chan eth.L1BlockRef
 	l1FinalizedSig chan eth.L1BlockRef
 
-	// Backup unsafe sync client
-	L2SyncCl *sources.SyncClient
+	// Interface to signal the L2 block range to sync.
+	altSync AltSync
 
 	// L2 Signals:
 	unsafeL2Payloads chan *eth.ExecutionPayload
@@ -85,65 +84,65 @@ type Driver struct {
 
 // Start starts up the state loop.
 // The loop will have been started iff err is not nil.
-func (s *Driver) Start() error {
-	s.derivation.Reset()
+func (d *Driver) Start() error {
+	d.derivation.Reset()
 
-	s.wg.Add(1)
-	go s.eventLoop()
+	d.wg.Add(1)
+	go d.eventLoop()
 
 	return nil
 }
 
-func (s *Driver) Close() error {
-	s.done <- struct{}{}
-	s.wg.Wait()
+func (d *Driver) Close() error {
+	d.done <- struct{}{}
+	d.wg.Wait()
 	return nil
 }
 
 // OnL1Head signals the driver that the L1 chain changed the "unsafe" block,
 // also known as head of the chain, or "latest".
-func (s *Driver) OnL1Head(ctx context.Context, unsafe eth.L1BlockRef) error {
+func (d *Driver) OnL1Head(ctx context.Context, unsafe eth.L1BlockRef) error {
 	select {
 	case <-ctx.Done():
 		return ctx.Err()
-	case s.l1HeadSig <- unsafe:
+	case d.l1HeadSig <- unsafe:
 		return nil
 	}
 }
 
 // OnL1Safe signals the driver that the L1 chain changed the "safe",
 // also known as the justified checkpoint (as seen on L1 beacon-chain).
-func (s *Driver) OnL1Safe(ctx context.Context, safe eth.L1BlockRef) error {
+func (d *Driver) OnL1Safe(ctx context.Context, safe eth.L1BlockRef) error {
 	select {
 	case <-ctx.Done():
 		return ctx.Err()
-	case s.l1SafeSig <- safe:
+	case d.l1SafeSig <- safe:
 		return nil
 	}
 }
 
-func (s *Driver) OnL1Finalized(ctx context.Context, finalized eth.L1BlockRef) error {
+func (d *Driver) OnL1Finalized(ctx context.Context, finalized eth.L1BlockRef) error {
 	select {
 	case <-ctx.Done():
 		return ctx.Err()
-	case s.l1FinalizedSig <- finalized:
+	case d.l1FinalizedSig <- finalized:
 		return nil
 	}
 }
 
-func (s *Driver) OnUnsafeL2Payload(ctx context.Context, payload *eth.ExecutionPayload) error {
+func (d *Driver) OnUnsafeL2Payload(ctx context.Context, payload *eth.ExecutionPayload) error {
 	select {
 	case <-ctx.Done():
 		return ctx.Err()
-	case s.unsafeL2Payloads <- payload:
+	case d.unsafeL2Payloads <- payload:
 		return nil
 	}
 }
 
 // the eventLoop responds to L1 changes and internal timers to produce L2 blocks.
-func (s *Driver) eventLoop() {
-	defer s.wg.Done()
-	s.log.Info("State loop started")
+func (d *Driver) eventLoop() {
+	defer d.wg.Done()
+	d.log.Info("State loop started")
 
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
@@ -173,10 +172,10 @@ func (s *Driver) eventLoop() {
 			// if this is not the first attempt, we re-schedule with a backoff, *without blocking other events*
 			if delayedStepReq == nil {
 				delay := bOffStrategy.Duration(stepAttempts)
-				s.log.Debug("scheduling re-attempt with delay", "attempts", stepAttempts, "delay", delay)
+				d.log.Debug("scheduling re-attempt with delay", "attempts", stepAttempts, "delay", delay)
 				delayedStepReq = time.After(delay)
 			} else {
-				s.log.Debug("ignoring step request, already scheduled re-attempt after previous failure", "attempts", stepAttempts)
+				d.log.Debug("ignoring step request, already scheduled re-attempt after previous failure", "attempts", stepAttempts)
 			}
 		} else {
 			step()
@@ -191,7 +190,7 @@ func (s *Driver) eventLoop() {
 	proposerTimer := time.NewTimer(0)
 	var proposerCh <-chan time.Time
 	planProposerAction := func() {
-		delay := s.proposer.PlanNextProposerAction()
+		delay := d.proposer.PlanNextProposerAction()
 		proposerCh = proposerTimer.C
 		if len(proposerCh) > 0 { // empty if not already drained before resetting
 			<-proposerCh
@@ -199,131 +198,155 @@ func (s *Driver) eventLoop() {
 		proposerTimer.Reset(delay)
 	}
 
-	// Create a ticker to check if there is a gap in the engine queue every 15 seconds
-	// If there is, we send requests to the backup RPC to retrieve the missing payloads
-	// and add them to the unsafe queue.
-	altSyncTicker := time.NewTicker(15 * time.Second)
+	// Create a ticker to check if there is a gap in the engine queue. Whenever
+	// there is, we send requests to sync source to retrieve the missing payloads.
+	syncCheckInterval := time.Duration(d.config.BlockTime) * time.Second * 2
+	altSyncTicker := time.NewTicker(syncCheckInterval)
 	defer altSyncTicker.Stop()
+	lastUnsafeL2 := d.derivation.UnsafeL2Head()
 
 	for {
 		// If we are proposing, and the L1 state is ready, update the trigger for the next proposer action.
 		// This may adjust at any time based on fork-choice changes or previous errors.
 		// And avoid sequencing if the derivation pipeline indicates the engine is not ready.
-		if s.driverConfig.ProposerEnabled && !s.driverConfig.ProposerStopped &&
-			s.l1State.L1Head() != (eth.L1BlockRef{}) && s.derivation.EngineReady() {
-			// update proposer time if the head changed
-			if s.proposer.BuildingOnto().ID() != s.derivation.UnsafeL2Head().ID() {
+		if d.driverConfig.ProposerEnabled && !d.driverConfig.ProposerStopped &&
+			d.l1State.L1Head() != (eth.L1BlockRef{}) && d.derivation.EngineReady() {
+			if d.driverConfig.ProposerMaxSafeLag > 0 && d.derivation.SafeL2Head().Number+d.driverConfig.ProposerMaxSafeLag <= d.derivation.UnsafeL2Head().Number {
+				// If the safe head has fallen behind by a significant number of blocks, delay creating new blocks
+				// until the safe lag is below SequencerMaxSafeLag.
+				if proposerCh != nil {
+					d.log.Warn(
+						"Delay creating new block since safe lag exceeds limit",
+						"safe_l2", d.derivation.SafeL2Head(),
+						"unsafe_l2", d.derivation.UnsafeL2Head(),
+					)
+					proposerCh = nil
+				}
+			} else if d.proposer.BuildingOnto().ID() != d.derivation.UnsafeL2Head().ID() {
+				// If we are sequencing, and the L1 state is ready, update the trigger for the next sequencer action.
+				// This may adjust at any time based on fork-choice changes or previous errors.
+				//
+				// update sequencer time if the head changed
 				planProposerAction()
 			}
 		} else {
 			proposerCh = nil
 		}
 
+		// If the engine is not ready, or if the L2 head is actively changing, then reset the alt-sync:
+		// there is no need to request L2 blocks when we are syncing already.
+		if head := d.derivation.UnsafeL2Head(); head != lastUnsafeL2 || !d.derivation.EngineReady() {
+			lastUnsafeL2 = head
+			altSyncTicker.Reset(syncCheckInterval)
+		}
+
 		select {
 		case <-proposerCh:
-			payload, err := s.proposer.RunNextProposerAction(ctx)
+			payload, err := d.proposer.RunNextProposerAction(ctx)
 			if err != nil {
-				s.log.Error("Sequencer critical error", "err", err)
+				d.log.Error("Sequencer critical error", "err", err)
 				return
 			}
-			if s.network != nil && payload != nil {
+			if d.network != nil && payload != nil {
 				// Publishing of unsafe data via p2p is optional.
 				// Errors are not severe enough to change/halt proposing but should be logged and metered.
-				if err := s.network.PublishL2Payload(ctx, payload); err != nil {
-					s.log.Warn("failed to publish newly created block", "id", payload.ID(), "err", err)
-					s.metrics.RecordPublishingError()
+				if err := d.network.PublishL2Payload(ctx, payload); err != nil {
+					d.log.Warn("failed to publish newly created block", "id", payload.ID(), "err", err)
+					d.metrics.RecordPublishingError()
 				}
 			}
 			planProposerAction() // schedule the next proposer action to keep the proposing looping
 		case <-altSyncTicker.C:
-			// Check if there is a gap in the current unsafe payload queue. If there is, attempt to fetch
-			// missing payloads from the backup RPC (if it is configured).
-			if s.L2SyncCl != nil {
-				s.checkForGapInUnsafeQueue(ctx)
+			// Check if there is a gap in the current unsafe payload queue.
+			ctx, cancel := context.WithTimeout(ctx, time.Second*2)
+			err := d.checkForGapInUnsafeQueue(ctx)
+			cancel()
+			if err != nil {
+				d.log.Warn("failed to check for unsafe L2 blocks to sync", "err", err)
 			}
-		case payload := <-s.unsafeL2Payloads:
-			s.snapshot("New unsafe payload")
-			s.log.Info("Optimistically queueing unsafe L2 execution payload", "id", payload.ID())
-			s.derivation.AddUnsafePayload(payload)
-			s.metrics.RecordReceivedUnsafePayload(payload)
+		case payload := <-d.unsafeL2Payloads:
+			d.snapshot("New unsafe payload")
+			d.log.Info("Optimistically queueing unsafe L2 execution payload", "id", payload.ID())
+			d.derivation.AddUnsafePayload(payload)
+			d.metrics.RecordReceivedUnsafePayload(payload)
 			reqStep()
 
-		case newL1Head := <-s.l1HeadSig:
-			s.l1State.HandleNewL1HeadBlock(newL1Head)
+		case newL1Head := <-d.l1HeadSig:
+			d.l1State.HandleNewL1HeadBlock(newL1Head)
 			reqStep() // a new L1 head may mean we have the data to not get an EOF again.
-		case newL1Safe := <-s.l1SafeSig:
-			s.l1State.HandleNewL1SafeBlock(newL1Safe)
+		case newL1Safe := <-d.l1SafeSig:
+			d.l1State.HandleNewL1SafeBlock(newL1Safe)
 			// no step, justified L1 information does not do anything for L2 derivation or status
-		case newL1Finalized := <-s.l1FinalizedSig:
-			s.l1State.HandleNewL1FinalizedBlock(newL1Finalized)
-			s.derivation.Finalize(newL1Finalized)
+		case newL1Finalized := <-d.l1FinalizedSig:
+			d.l1State.HandleNewL1FinalizedBlock(newL1Finalized)
+			d.derivation.Finalize(newL1Finalized)
 			reqStep() // we may be able to mark more L2 data as finalized now
 		case <-delayedStepReq:
 			delayedStepReq = nil
 			step()
 		case <-stepReqCh:
-			s.metrics.SetDerivationIdle(false)
-			s.log.Debug("Derivation process step", "onto_origin", s.derivation.Origin(), "attempts", stepAttempts)
-			err := s.derivation.Step(context.Background())
+			d.metrics.SetDerivationIdle(false)
+			d.log.Debug("Derivation process step", "onto_origin", d.derivation.Origin(), "attempts", stepAttempts)
+			err := d.derivation.Step(context.Background())
 			stepAttempts += 1 // count as attempt by default. We reset to 0 if we are making healthy progress.
 			if err == io.EOF {
-				s.log.Debug("Derivation process went idle", "progress", s.derivation.Origin())
+				d.log.Debug("Derivation process went idle", "progress", d.derivation.Origin())
 				stepAttempts = 0
-				s.metrics.SetDerivationIdle(true)
+				d.metrics.SetDerivationIdle(true)
 				continue
 			} else if err != nil && errors.Is(err, derive.ErrReset) {
 				// If the pipeline corrupts, e.g. due to a reorg, simply reset it
-				s.log.Warn("Derivation pipeline is reset", "err", err)
-				s.derivation.Reset()
-				s.metrics.RecordPipelineReset()
+				d.log.Warn("Derivation pipeline is reset", "err", err)
+				d.derivation.Reset()
+				d.metrics.RecordPipelineReset()
 				continue
 			} else if err != nil && errors.Is(err, derive.ErrTemporary) {
-				s.log.Warn("Derivation process temporary error", "attempts", stepAttempts, "err", err)
+				d.log.Warn("Derivation process temporary error", "attempts", stepAttempts, "err", err)
 				reqStep()
 				continue
 			} else if err != nil && errors.Is(err, derive.ErrCritical) {
-				s.log.Error("Derivation process critical error", "err", err)
+				d.log.Error("Derivation process critical error", "err", err)
 				return
 			} else if err != nil && errors.Is(err, derive.NotEnoughData) {
 				stepAttempts = 0 // don't do a backoff for this error
 				reqStep()
 				continue
 			} else if err != nil {
-				s.log.Error("Derivation process error", "attempts", stepAttempts, "err", err)
+				d.log.Error("Derivation process error", "attempts", stepAttempts, "err", err)
 				reqStep()
 				continue
 			} else {
 				stepAttempts = 0
 				reqStep() // continue with the next step if we can
 			}
-		case respCh := <-s.stateReq:
+		case respCh := <-d.stateReq:
 			respCh <- struct{}{}
-		case respCh := <-s.forceReset:
-			s.log.Warn("Derivation pipeline is manually reset")
-			s.derivation.Reset()
-			s.metrics.RecordPipelineReset()
+		case respCh := <-d.forceReset:
+			d.log.Warn("Derivation pipeline is manually reset")
+			d.derivation.Reset()
+			d.metrics.RecordPipelineReset()
 			close(respCh)
-		case resp := <-s.startProposer:
-			unsafeHead := s.derivation.UnsafeL2Head().Hash
-			if !s.driverConfig.ProposerStopped {
+		case resp := <-d.startProposer:
+			unsafeHead := d.derivation.UnsafeL2Head().Hash
+			if !d.driverConfig.ProposerStopped {
 				resp.err <- errors.New("proposer already running")
 			} else if !bytes.Equal(unsafeHead[:], resp.hash[:]) {
-				resp.err <- fmt.Errorf("block hash does not match: head %s, received %s", unsafeHead.String(), resp.hash.String())
+				resp.err <- fmt.Errorf("block hash does not match: head %d, received %d", unsafeHead.String(), resp.hash.String())
 			} else {
-				s.log.Info("Proposer has been started")
-				s.driverConfig.ProposerStopped = false
+				d.log.Info("Proposer has been started")
+				d.driverConfig.ProposerStopped = false
 				close(resp.err)
 				planProposerAction() // resume proposing
 			}
-		case respCh := <-s.stopProposer:
-			if s.driverConfig.ProposerStopped {
+		case respCh := <-d.stopProposer:
+			if d.driverConfig.ProposerStopped {
 				respCh <- hashAndError{err: errors.New("proposer not running")}
 			} else {
-				s.log.Warn("Proposer has been stopped")
-				s.driverConfig.ProposerStopped = true
-				respCh <- hashAndError{hash: s.derivation.UnsafeL2Head().Hash}
+				d.log.Warn("Proposer has been stopped")
+				d.driverConfig.ProposerStopped = true
+				respCh <- hashAndError{hash: d.derivation.UnsafeL2Head().Hash}
 			}
-		case <-s.done:
+		case <-d.done:
 			return
 		}
 	}
@@ -332,12 +355,12 @@ func (s *Driver) eventLoop() {
 // ResetDerivationPipeline forces a reset of the derivation pipeline.
 // It waits for the reset to occur. It simply unblocks the caller rather
 // than fully cancelling the reset request upon a context cancellation.
-func (s *Driver) ResetDerivationPipeline(ctx context.Context) error {
+func (d *Driver) ResetDerivationPipeline(ctx context.Context) error {
 	respCh := make(chan struct{}, 1)
 	select {
 	case <-ctx.Done():
 		return ctx.Err()
-	case s.forceReset <- respCh:
+	case d.forceReset <- respCh:
 		select {
 		case <-ctx.Done():
 			return ctx.Err()
@@ -347,8 +370,8 @@ func (s *Driver) ResetDerivationPipeline(ctx context.Context) error {
 	}
 }
 
-func (s *Driver) StartProposer(ctx context.Context, blockHash common.Hash) error {
-	if !s.driverConfig.ProposerEnabled {
+func (d *Driver) StartProposer(ctx context.Context, blockHash common.Hash) error {
+	if !d.driverConfig.ProposerEnabled {
 		return errors.New("proposer is not enabled")
 	}
 	h := hashAndErrorChannel{
@@ -358,7 +381,7 @@ func (s *Driver) StartProposer(ctx context.Context, blockHash common.Hash) error
 	select {
 	case <-ctx.Done():
 		return ctx.Err()
-	case s.startProposer <- h:
+	case d.startProposer <- h:
 		select {
 		case <-ctx.Done():
 			return ctx.Err()
@@ -368,15 +391,15 @@ func (s *Driver) StartProposer(ctx context.Context, blockHash common.Hash) error
 	}
 }
 
-func (s *Driver) StopProposer(ctx context.Context) (common.Hash, error) {
-	if !s.driverConfig.ProposerEnabled {
+func (d *Driver) StopProposer(ctx context.Context) (common.Hash, error) {
+	if !d.driverConfig.ProposerEnabled {
 		return common.Hash{}, errors.New("proposer is not enabled")
 	}
 	respCh := make(chan hashAndError, 1)
 	select {
 	case <-ctx.Done():
 		return common.Hash{}, ctx.Err()
-	case s.stopProposer <- respCh:
+	case d.stopProposer <- respCh:
 		select {
 		case <-ctx.Done():
 			return common.Hash{}, ctx.Err()
@@ -388,26 +411,27 @@ func (s *Driver) StopProposer(ctx context.Context) (common.Hash, error) {
 
 // syncStatus returns the current sync status, and should only be called synchronously with
 // the driver event loop to avoid retrieval of an inconsistent status.
-func (s *Driver) syncStatus() *eth.SyncStatus {
+func (d *Driver) syncStatus() *eth.SyncStatus {
 	return &eth.SyncStatus{
-		CurrentL1:          s.derivation.Origin(),
-		CurrentL1Finalized: s.derivation.FinalizedL1(),
-		HeadL1:             s.l1State.L1Head(),
-		SafeL1:             s.l1State.L1Safe(),
-		FinalizedL1:        s.l1State.L1Finalized(),
-		UnsafeL2:           s.derivation.UnsafeL2Head(),
-		SafeL2:             s.derivation.SafeL2Head(),
-		FinalizedL2:        s.derivation.Finalized(),
+		CurrentL1:          d.derivation.Origin(),
+		CurrentL1Finalized: d.derivation.FinalizedL1(),
+		HeadL1:             d.l1State.L1Head(),
+		SafeL1:             d.l1State.L1Safe(),
+		FinalizedL1:        d.l1State.L1Finalized(),
+		UnsafeL2:           d.derivation.UnsafeL2Head(),
+		SafeL2:             d.derivation.SafeL2Head(),
+		FinalizedL2:        d.derivation.Finalized(),
+		UnsafeL2SyncTarget: d.derivation.UnsafeL2SyncTarget(),
 	}
 }
 
 // SyncStatus blocks the driver event loop and captures the syncing status.
 // If the event loop is too busy and the context expires, a context error is returned.
-func (s *Driver) SyncStatus(ctx context.Context) (*eth.SyncStatus, error) {
+func (d *Driver) SyncStatus(ctx context.Context) (*eth.SyncStatus, error) {
 	wait := make(chan struct{})
 	select {
-	case s.stateReq <- wait:
-		resp := s.syncStatus()
+	case d.stateReq <- wait:
+		resp := d.syncStatus()
 		<-wait
 		return resp, nil
 	case <-ctx.Done():
@@ -418,15 +442,15 @@ func (s *Driver) SyncStatus(ctx context.Context) (*eth.SyncStatus, error) {
 // BlockRefsWithStatus blocks the driver event loop and captures the syncing status,
 // along with L2 blocks reference by number and number plus 1 consistent with that same status.
 // If the event loop is too busy and the context expires, a context error is returned.
-func (s *Driver) BlockRefsWithStatus(ctx context.Context, num uint64) (eth.L2BlockRef, eth.L2BlockRef, *eth.SyncStatus, error) {
+func (d *Driver) BlockRefsWithStatus(ctx context.Context, num uint64) (eth.L2BlockRef, eth.L2BlockRef, *eth.SyncStatus, error) {
 	wait := make(chan struct{})
 	select {
-	case s.stateReq <- wait:
-		resp := s.syncStatus()
-		ref, err := s.l2.L2BlockRefByNumber(ctx, num)
+	case d.stateReq <- wait:
+		resp := d.syncStatus()
+		ref, err := d.l2.L2BlockRefByNumber(ctx, num)
 		nextRef := eth.L2BlockRef{}
-		if err == nil && s.config.IsBlueBlock(num) {
-			nextRef, err = s.l2.L2BlockRefByNumber(ctx, num+1)
+		if err == nil && d.config.IsBlueBlock(num) {
+			nextRef, err = d.l2.L2BlockRefByNumber(ctx, num+1)
 		}
 		<-wait
 		return ref, nextRef, resp, err
@@ -445,14 +469,14 @@ func (v deferJSONString) String() string {
 	return string(out)
 }
 
-func (s *Driver) snapshot(event string) {
-	s.snapshotLog.Info("Rollup State Snapshot",
+func (d *Driver) snapshot(event string) {
+	d.snapshotLog.Info("Rollup State Snapshot",
 		"event", event,
-		"l1Head", deferJSONString{s.l1State.L1Head()},
-		"l1Current", deferJSONString{s.derivation.Origin()},
-		"l2Head", deferJSONString{s.derivation.UnsafeL2Head()},
-		"l2Safe", deferJSONString{s.derivation.SafeL2Head()},
-		"l2FinalizedHead", deferJSONString{s.derivation.Finalized()})
+		"l1Head", deferJSONString{d.l1State.L1Head()},
+		"l1Current", deferJSONString{d.derivation.Origin()},
+		"l2Head", deferJSONString{d.derivation.UnsafeL2Head()},
+		"l2Safe", deferJSONString{d.derivation.SafeL2Head()},
+		"l2FinalizedHead", deferJSONString{d.derivation.Finalized()})
 }
 
 type hashAndError struct {
@@ -465,35 +489,19 @@ type hashAndErrorChannel struct {
 	err  chan error
 }
 
-// checkForGapInUnsafeQueue checks if there is a gap in the unsafe queue and attempts to retrieve the missing payloads from the backup RPC.
-// WARNING: The sync client's attempt to retrieve the missing payloads is not guaranteed to succeed, and it will fail silently (besides
-// emitting warning logs) if the requests fail.
-func (s *Driver) checkForGapInUnsafeQueue(ctx context.Context) {
-	// subtract genesis time from wall clock to get the time elapsed since genesis, and then divide that
-	// difference by the block time to get the expected L2 block number at the current time. If the
-	// unsafe head does not have this block number, then there is a gap in the queue.
-	wallClock := uint64(time.Now().Unix())
-	genesisTimestamp := s.config.Genesis.L2Time
-	wallClockGenesisDiff := wallClock - genesisTimestamp
-	expectedL2Block := wallClockGenesisDiff / s.config.BlockTime
-
-	start, end := s.derivation.GetUnsafeQueueGap(expectedL2Block)
-	size := end - start
-
-	// Check if there is a gap between the unsafe head and the expected L2 block number at the current time.
-	if size > 0 {
-		s.log.Warn("Gap in payload queue tip and expected unsafe chain detected", "start", start, "end", end, "size", size)
-		s.log.Info("Attempting to fetch missing payloads from backup RPC", "start", start, "end", end, "size", size)
-
-		// Attempt to fetch the missing payloads from the backup unsafe sync RPC concurrently.
-		// Concurrent requests are safe here due to the engine queue being a priority queue.
-		for blockNumber := start; blockNumber <= end; blockNumber++ {
-			select {
-			case s.L2SyncCl.FetchUnsafeBlock <- blockNumber:
-				// Do nothing- the block number was successfully sent into the channel
-			default:
-				return // If the channel is full, return and wait for the next iteration of the event loop
-			}
-		}
+// checkForGapInUnsafeQueue checks if there is a gap in the unsafe queue and attempts to retrieve the missing payloads from an alt-sync method.
+// WARNING: This is only an outgoing signal, the blocks are not guaranteed to be retrieved.
+// Results are received through OnUnsafeL2Payload.
+func (d *Driver) checkForGapInUnsafeQueue(ctx context.Context) error {
+	start := d.derivation.UnsafeL2Head()
+	end := d.derivation.UnsafeL2SyncTarget()
+	// Check if we have missing blocks between the start and end. Request them if we do.
+	if end == (eth.L2BlockRef{}) {
+		d.log.Debug("requesting sync with open-end range", "start", start)
+		return d.altSync.RequestL2Range(ctx, start, eth.L2BlockRef{})
+	} else if end.Number > start.Number+1 {
+		d.log.Debug("requesting missing unsafe L2 block range", "start", start, "end", end, "size", end.Number-start.Number)
+		return d.altSync.RequestL2Range(ctx, start, end)
 	}
+	return nil
 }
diff --git a/components/node/rollup/sync/start.go b/components/node/rollup/sync/start.go
index 67d078093a..11036589c3 100644
--- a/components/node/rollup/sync/start.go
+++ b/components/node/rollup/sync/start.go
@@ -110,6 +110,9 @@ func FindL2Heads(ctx context.Context, cfg *rollup.Config, l1 L1Chain, l2 L2Chain
 		return nil, fmt.Errorf("failed to fetch current L2 forkchoice state: %w", err)
 	}
 
+	lgr.Info("Loaded current L2 heads", "unsafe", result.Unsafe, "safe", result.Safe, "finalized", result.Finalized,
+		"unsafe_origin", result.Unsafe.L1Origin, "unsafe_origin", result.Safe.L1Origin)
+
 	// Remember original unsafe block to determine reorg depth
 	prevUnsafe := result.Unsafe
 
@@ -135,6 +138,7 @@ func FindL2Heads(ctx context.Context, cfg *rollup.Config, l1 L1Chain, l2 L2Chain
 				// Exit, find-sync start should start over, to move to an available L1 chain with block-by-number / not-found case.
 				return nil, fmt.Errorf("failed to retrieve L1 block: %w", err)
 			}
+			lgr.Info("Walking back L1Block by hash", "curr", l1Block, "next", b, "l2block", n)
 			l1Block = b
 			ahead = false
 		} else if l1Block == (eth.L1BlockRef{}) || n.L1Origin.Hash != l1Block.Hash {
@@ -146,9 +150,10 @@ func FindL2Heads(ctx context.Context, cfg *rollup.Config, l1 L1Chain, l2 L2Chain
 			}
 			l1Block = b
 			ahead = notFound
+			lgr.Info("Walking back L1Block by number", "curr", l1Block, "next", b, "l2block", n)
 		}
 
-		lgr.Trace("walking sync start", "number", n.Number)
+		lgr.Trace("walking sync start", "l2block", n)
 
 		// Don't walk past genesis. If we were at the L2 genesis, but could not find its L1 origin,
 		// the L2 chain is building on the wrong L1 branch.
@@ -202,6 +207,8 @@ func FindL2Heads(ctx context.Context, cfg *rollup.Config, l1 L1Chain, l2 L2Chain
 
 		// Don't traverse further than the finalized head to find a safe head
 		if n.Number == result.Finalized.Number {
+			lgr.Info("Hit finalized L2 head, returning immediately", "unsafe", result.Unsafe, "safe", result.Safe,
+				"finalized", result.Finalized, "unsafe_origin", result.Unsafe.L1Origin, "unsafe_origin", result.Safe.L1Origin)
 			result.Safe = n
 			return result, nil
 		}
diff --git a/components/node/rollup/types.go b/components/node/rollup/types.go
index 0577537427..fd8fd61e46 100644
--- a/components/node/rollup/types.go
+++ b/components/node/rollup/types.go
@@ -114,6 +114,20 @@ func (cfg *Config) ValidateL2Config(ctx context.Context, client L2Client) error
 	return nil
 }
 
+func (cfg *Config) TargetBlockNumber(timestamp uint64) (num uint64, err error) {
+	// subtract genesis time from timestamp to get the time elapsed since genesis, and then divide that
+	// difference by the block time to get the expected L2 block number at the current time. If the
+	// unsafe head does not have this block number, then there is a gap in the queue.
+	genesisTimestamp := cfg.Genesis.L2Time
+	if timestamp < genesisTimestamp {
+		return 0, fmt.Errorf("did not reach genesis time (%d) yet", genesisTimestamp)
+	}
+	timeDiff := timestamp - genesisTimestamp
+	// Note: round down, we should not request blocks into the future.
+	blocksSinceGenesis := timeDiff / cfg.BlockTime
+	return cfg.Genesis.L2.Number + blocksSinceGenesis, nil
+}
+
 type L1Client interface {
 	ChainID(context.Context) (*big.Int, error)
 	L1BlockRefByNumber(context.Context, uint64) (eth.L1BlockRef, error)
diff --git a/components/node/service.go b/components/node/service.go
index 704173206b..bdb31cb9e5 100644
--- a/components/node/service.go
+++ b/components/node/service.go
@@ -93,9 +93,12 @@ func NewConfig(ctx *cli.Context, log log.Logger) (*node.Config, error) {
 
 func NewL1EndpointConfig(ctx *cli.Context) *node.L1EndpointConfig {
 	return &node.L1EndpointConfig{
-		L1NodeAddr: ctx.GlobalString(flags.L1NodeAddr.Name),
-		L1TrustRPC: ctx.GlobalBool(flags.L1TrustRPC.Name),
-		L1RPCKind:  sources.RPCProviderKind(strings.ToLower(ctx.GlobalString(flags.L1RPCProviderKind.Name))),
+		L1NodeAddr:       ctx.GlobalString(flags.L1NodeAddr.Name),
+		L1TrustRPC:       ctx.GlobalBool(flags.L1TrustRPC.Name),
+		L1RPCKind:        sources.RPCProviderKind(strings.ToLower(ctx.GlobalString(flags.L1RPCProviderKind.Name))),
+		RateLimit:        ctx.GlobalFloat64(flags.L1RPCRateLimit.Name),
+		BatchSize:        ctx.GlobalInt(flags.L1RPCMaxBatchSize.Name),
+		HttpPollInterval: ctx.Duration(flags.L1HTTPPollInterval.Name),
 	}
 }
 
@@ -134,15 +137,17 @@ func NewL2EndpointConfig(ctx *cli.Context, log log.Logger) (*node.L2EndpointConf
 func NewL2SyncEndpointConfig(ctx *cli.Context) *node.L2SyncEndpointConfig {
 	return &node.L2SyncEndpointConfig{
 		L2NodeAddr: ctx.GlobalString(flags.BackupL2UnsafeSyncRPC.Name),
+		TrustRPC:   ctx.GlobalBool(flags.BackupL2UnsafeSyncRPCTrustRPC.Name),
 	}
 }
 
 func NewDriverConfig(ctx *cli.Context) *driver.Config {
 	return &driver.Config{
-		SyncerConfDepth:   ctx.GlobalUint64(flags.SyncerL1Confs.Name),
-		ProposerConfDepth: ctx.GlobalUint64(flags.ProposerL1Confs.Name),
-		ProposerEnabled:   ctx.GlobalBool(flags.ProposerEnabledFlag.Name),
-		ProposerStopped:   ctx.GlobalBool(flags.ProposerStoppedFlag.Name),
+		SyncerConfDepth:    ctx.GlobalUint64(flags.SyncerL1Confs.Name),
+		ProposerConfDepth:  ctx.GlobalUint64(flags.ProposerL1Confs.Name),
+		ProposerEnabled:    ctx.GlobalBool(flags.ProposerEnabledFlag.Name),
+		ProposerStopped:    ctx.GlobalBool(flags.ProposerStoppedFlag.Name),
+		ProposerMaxSafeLag: ctx.GlobalUint64(flags.ProposerMaxSafeLagFlag.Name),
 	}
 }
 
diff --git a/components/node/sources/eth_client.go b/components/node/sources/eth_client.go
index 2f4cefb6a8..f3083fe951 100644
--- a/components/node/sources/eth_client.go
+++ b/components/node/sources/eth_client.go
@@ -13,6 +13,7 @@ import (
 	"context"
 	"fmt"
 	"math/big"
+	"time"
 
 	"github.com/ethereum/go-ethereum"
 	"github.com/ethereum/go-ethereum/common"
@@ -56,6 +57,11 @@ type EthClientConfig struct {
 
 	// RPCProviderKind is a hint at what type of RPC provider we are dealing with
 	RPCProviderKind RPCProviderKind
+
+	// Method reset duration defines how long we stick to available RPC methods,
+	// till we re-attempt the user-preferred methods.
+	// If this is 0 then the client does not fall back to less optimal but available methods.
+	MethodResetDuration time.Duration
 }
 
 func (c *EthClientConfig) Check() error {
@@ -118,21 +124,37 @@ type EthClient struct {
 	// This may be modified concurrently, but we don't lock since it's a single
 	// uint64 that's not critical (fine to miss or mix up a modification)
 	availableReceiptMethods ReceiptsFetchingMethod
+
+	// lastMethodsReset tracks when availableReceiptMethods was last reset.
+	// When receipt-fetching fails it falls back to available methods,
+	// but periodically it will try to reset to the preferred optimal methods.
+	lastMethodsReset time.Time
+
+	// methodResetDuration defines how long we take till we reset lastMethodsReset
+	methodResetDuration time.Duration
 }
 
-func (s *EthClient) PickReceiptsMethod(txCount uint64) ReceiptsFetchingMethod {
-	return PickBestReceiptsFetchingMethod(s.provKind, s.availableReceiptMethods, txCount)
+func (c *EthClient) PickReceiptsMethod(txCount uint64) ReceiptsFetchingMethod {
+	if time.Since(c.lastMethodsReset) > c.methodResetDuration {
+		m := AvailableReceiptsFetchingMethods(c.provKind)
+		if c.availableReceiptMethods != m {
+			c.log.Warn("resetting back RPC preferences, please review RPC provider kind setting", "kind", c.provKind.String())
+		}
+		c.availableReceiptMethods = m
+		c.lastMethodsReset = time.Now()
+	}
+	return PickBestReceiptsFetchingMethod(c.provKind, c.availableReceiptMethods, txCount)
 }
 
-func (s *EthClient) OnReceiptsMethodErr(m ReceiptsFetchingMethod, err error) {
+func (c *EthClient) OnReceiptsMethodErr(m ReceiptsFetchingMethod, err error) {
 	if unusableMethod(err) {
 		// clear the bit of the method that errored
-		s.availableReceiptMethods &^= m
-		s.log.Warn("failed to use selected RPC method for receipt fetching, falling back to alternatives",
-			"provider_kind", s.provKind, "failed_method", m, "fallback", s.availableReceiptMethods, "err", err)
+		c.availableReceiptMethods &^= m
+		c.log.Warn("failed to use selected RPC method for receipt fetching, temporarily falling back to alternatives",
+			"provider_kind", c.provKind, "failed_method", m, "fallback", c.availableReceiptMethods, "err", err)
 	} else {
-		s.log.Debug("failed to use selected RPC method for receipt fetching, but method does appear to be available, so we continue to use it",
-			"provider_kind", s.provKind, "failed_method", m, "fallback", s.availableReceiptMethods&^m, "err", err)
+		c.log.Debug("failed to use selected RPC method for receipt fetching, but method does appear to be available, so we continue to use it",
+			"provider_kind", c.provKind, "failed_method", m, "fallback", c.availableReceiptMethods&^m, "err", err)
 	}
 }
 
@@ -155,134 +177,178 @@ func NewEthClient(client client.RPC, log log.Logger, metrics caching.Metrics, co
 		headersCache:            caching.NewLRUCache(metrics, "headers", config.HeadersCacheSize),
 		payloadsCache:           caching.NewLRUCache(metrics, "payloads", config.PayloadsCacheSize),
 		availableReceiptMethods: AvailableReceiptsFetchingMethods(config.RPCProviderKind),
+		lastMethodsReset:        time.Now(),
+		methodResetDuration:     config.MethodResetDuration,
 	}, nil
 }
 
 // SubscribeNewHead subscribes to notifications about the current blockchain head on the given channel.
-func (s *EthClient) SubscribeNewHead(ctx context.Context, ch chan<- *types.Header) (ethereum.Subscription, error) {
+func (c *EthClient) SubscribeNewHead(ctx context.Context, ch chan<- *types.Header) (ethereum.Subscription, error) {
 	// Note that *types.Header does not cache the block hash unlike *HeaderInfo, it always recomputes.
 	// Inefficient if used poorly, but no trust issue.
-	return s.client.EthSubscribe(ctx, ch, "newHeads")
+	return c.client.EthSubscribe(ctx, ch, "newHeads")
+}
+
+// rpcBlockID is an internal type to enforce header and block call results match the requested identifier
+type rpcBlockID interface {
+	// Arg translates the object into an RPC argument
+	Arg() any
+	// CheckID verifies a block/header result matches the requested block identifier
+	CheckID(id eth.BlockID) error
+}
+
+// hashID implements rpcBlockID for safe block-by-hash fetching
+type hashID common.Hash
+
+func (h *hashID) Arg() any { return common.Hash(*h) }
+func (h *hashID) CheckID(id eth.BlockID) error {
+	if common.Hash(*h) != id.Hash {
+		return fmt.Errorf("expected block hash %s but got block %s", common.Hash(*h), id)
+	}
+	return nil
+}
+
+// numberID implements rpcBlockID for safe block-by-number fetching
+type numberID uint64
+
+func (n numberID) Arg() any { return hexutil.EncodeUint64(uint64(n)) }
+func (n numberID) CheckID(id eth.BlockID) error {
+	if uint64(n) != id.Number {
+		return fmt.Errorf("expected block number %d but got block %s", uint64(n), id)
+	}
+	return nil
 }
 
-func (s *EthClient) headerCall(ctx context.Context, method string, id any) (*HeaderInfo, error) {
+func (c *EthClient) headerCall(ctx context.Context, method string, id rpcBlockID) (*HeaderInfo, error) {
 	var header *rpcHeader
-	err := s.client.CallContext(ctx, &header, method, id, false) // headers are just blocks without txs
+	err := c.client.CallContext(ctx, &header, method, id.Arg(), false) // headers are just blocks without txs
 	if err != nil {
 		return nil, err
 	}
 	if header == nil {
 		return nil, ethereum.NotFound
 	}
-	info, err := header.Info(s.trustRPC, s.mustBePostMerge)
+	info, err := header.Info(c.trustRPC, c.mustBePostMerge)
 	if err != nil {
 		return nil, err
 	}
-	s.headersCache.Add(info.Hash(), info)
+	if err := id.CheckID(eth.ToBlockID(info)); err != nil {
+		return nil, fmt.Errorf("fetched block header does not match requested ID: %w", err)
+	}
+	c.headersCache.Add(info.Hash(), info)
 	return info, nil
 }
 
-func (s *EthClient) blockCall(ctx context.Context, method string, id any) (*HeaderInfo, types.Transactions, error) {
+func (c *EthClient) blockCall(ctx context.Context, method string, id rpcBlockID) (*HeaderInfo, types.Transactions, error) {
 	var block *rpcBlock
-	err := s.client.CallContext(ctx, &block, method, id, true)
+	err := c.client.CallContext(ctx, &block, method, id.Arg(), true)
 	if err != nil {
 		return nil, nil, err
 	}
 	if block == nil {
 		return nil, nil, ethereum.NotFound
 	}
-	info, txs, err := block.Info(s.trustRPC, s.mustBePostMerge)
+	info, txs, err := block.Info(c.trustRPC, c.mustBePostMerge)
 	if err != nil {
 		return nil, nil, err
 	}
-	s.headersCache.Add(info.Hash(), info)
-	s.transactionsCache.Add(info.Hash(), txs)
+	if err := id.CheckID(eth.ToBlockID(info)); err != nil {
+		return nil, nil, fmt.Errorf("fetched block data does not match requested ID: %w", err)
+	}
+	c.headersCache.Add(info.Hash(), info)
+	c.transactionsCache.Add(info.Hash(), txs)
 	return info, txs, nil
 }
 
-func (s *EthClient) payloadCall(ctx context.Context, method string, id any) (*eth.ExecutionPayload, error) {
+func (c *EthClient) payloadCall(ctx context.Context, method string, id rpcBlockID) (*eth.ExecutionPayload, error) {
 	var block *rpcBlock
-	err := s.client.CallContext(ctx, &block, method, id, true)
+	err := c.client.CallContext(ctx, &block, method, id.Arg(), true)
 	if err != nil {
 		return nil, err
 	}
 	if block == nil {
 		return nil, ethereum.NotFound
 	}
-	payload, err := block.ExecutionPayload(s.trustRPC)
+	payload, err := block.ExecutionPayload(c.trustRPC)
 	if err != nil {
 		return nil, err
 	}
-	s.payloadsCache.Add(payload.BlockHash, payload)
+	if err := id.CheckID(payload.ID()); err != nil {
+		return nil, fmt.Errorf("fetched payload does not match requested ID: %w", err)
+	}
+	c.payloadsCache.Add(payload.BlockHash, payload)
 	return payload, nil
 }
 
 // ChainID fetches the chain id of the internal RPC.
-func (s *EthClient) ChainID(ctx context.Context) (*big.Int, error) {
+func (c *EthClient) ChainID(ctx context.Context) (*big.Int, error) {
 	var id hexutil.Big
-	err := s.client.CallContext(ctx, &id, "eth_chainId")
+	err := c.client.CallContext(ctx, &id, "eth_chainId")
 	if err != nil {
 		return nil, err
 	}
 	return (*big.Int)(&id), nil
 }
 
-func (s *EthClient) InfoByHash(ctx context.Context, hash common.Hash) (eth.BlockInfo, error) {
-	if header, ok := s.headersCache.Get(hash); ok {
+func (c *EthClient) InfoByHash(ctx context.Context, hash common.Hash) (eth.BlockInfo, error) {
+	if header, ok := c.headersCache.Get(hash); ok {
 		return header.(*HeaderInfo), nil
 	}
-	return s.headerCall(ctx, "eth_getBlockByHash", hash)
+	h := hashID(hash)
+	return c.headerCall(ctx, "eth_getBlockByHash", &h)
 }
 
-func (s *EthClient) InfoByNumber(ctx context.Context, number uint64) (eth.BlockInfo, error) {
+func (c *EthClient) InfoByNumber(ctx context.Context, number uint64) (eth.BlockInfo, error) {
 	// can't hit the cache when querying by number due to reorgs.
-	return s.headerCall(ctx, "eth_getBlockByNumber", hexutil.EncodeUint64(number))
+	return c.headerCall(ctx, "eth_getBlockByNumber", numberID(number))
 }
 
-func (s *EthClient) InfoByLabel(ctx context.Context, label eth.BlockLabel) (eth.BlockInfo, error) {
+func (c *EthClient) InfoByLabel(ctx context.Context, label eth.BlockLabel) (eth.BlockInfo, error) {
 	// can't hit the cache when querying the head due to reorgs / changes.
-	return s.headerCall(ctx, "eth_getBlockByNumber", string(label))
+	return c.headerCall(ctx, "eth_getBlockByNumber", label)
 }
 
-func (s *EthClient) InfoAndTxsByHash(ctx context.Context, hash common.Hash) (eth.BlockInfo, types.Transactions, error) {
-	if header, ok := s.headersCache.Get(hash); ok {
-		if txs, ok := s.transactionsCache.Get(hash); ok {
+func (c *EthClient) InfoAndTxsByHash(ctx context.Context, hash common.Hash) (eth.BlockInfo, types.Transactions, error) {
+	if header, ok := c.headersCache.Get(hash); ok {
+		if txs, ok := c.transactionsCache.Get(hash); ok {
 			return header.(*HeaderInfo), txs.(types.Transactions), nil
 		}
 	}
-	return s.blockCall(ctx, "eth_getBlockByHash", hash)
+	h := hashID(hash)
+	return c.blockCall(ctx, "eth_getBlockByHash", &h)
 }
 
-func (s *EthClient) InfoAndTxsByNumber(ctx context.Context, number uint64) (eth.BlockInfo, types.Transactions, error) {
+func (c *EthClient) InfoAndTxsByNumber(ctx context.Context, number uint64) (eth.BlockInfo, types.Transactions, error) {
 	// can't hit the cache when querying by number due to reorgs.
-	return s.blockCall(ctx, "eth_getBlockByNumber", hexutil.EncodeUint64(number))
+	return c.blockCall(ctx, "eth_getBlockByNumber", numberID(number))
 }
 
-func (s *EthClient) InfoAndTxsByLabel(ctx context.Context, label eth.BlockLabel) (eth.BlockInfo, types.Transactions, error) {
+func (c *EthClient) InfoAndTxsByLabel(ctx context.Context, label eth.BlockLabel) (eth.BlockInfo, types.Transactions, error) {
 	// can't hit the cache when querying the head due to reorgs / changes.
-	return s.blockCall(ctx, "eth_getBlockByNumber", string(label))
+	return c.blockCall(ctx, "eth_getBlockByNumber", label)
 }
 
-func (s *EthClient) PayloadByHash(ctx context.Context, hash common.Hash) (*eth.ExecutionPayload, error) {
-	if payload, ok := s.payloadsCache.Get(hash); ok {
+func (c *EthClient) PayloadByHash(ctx context.Context, hash common.Hash) (*eth.ExecutionPayload, error) {
+	if payload, ok := c.payloadsCache.Get(hash); ok {
 		return payload.(*eth.ExecutionPayload), nil
 	}
-	return s.payloadCall(ctx, "eth_getBlockByHash", hash)
+	h := hashID(hash)
+	return c.payloadCall(ctx, "eth_getBlockByHash", &h)
 }
 
-func (s *EthClient) PayloadByNumber(ctx context.Context, number uint64) (*eth.ExecutionPayload, error) {
-	return s.payloadCall(ctx, "eth_getBlockByNumber", hexutil.EncodeUint64(number))
+func (c *EthClient) PayloadByNumber(ctx context.Context, number uint64) (*eth.ExecutionPayload, error) {
+	return c.payloadCall(ctx, "eth_getBlockByNumber", numberID(number))
 }
 
-func (s *EthClient) PayloadByLabel(ctx context.Context, label eth.BlockLabel) (*eth.ExecutionPayload, error) {
-	return s.payloadCall(ctx, "eth_getBlockByNumber", string(label))
+func (c *EthClient) PayloadByLabel(ctx context.Context, label eth.BlockLabel) (*eth.ExecutionPayload, error) {
+	return c.payloadCall(ctx, "eth_getBlockByNumber", label)
 }
 
 // FetchReceipts returns a block info and all of the receipts associated with transactions in the block.
 // It verifies the receipt hash in the block header against the receipt hash of the fetched receipts
 // to ensure that the execution engine did not fail to return any receipts.
-func (s *EthClient) FetchReceipts(ctx context.Context, blockHash common.Hash) (eth.BlockInfo, types.Receipts, error) {
-	info, txs, err := s.InfoAndTxsByHash(ctx, blockHash)
+func (c *EthClient) FetchReceipts(ctx context.Context, blockHash common.Hash) (eth.BlockInfo, types.Receipts, error) {
+	info, txs, err := c.InfoAndTxsByHash(ctx, blockHash)
 	if err != nil {
 		return nil, nil, err
 	}
@@ -290,15 +356,15 @@ func (s *EthClient) FetchReceipts(ctx context.Context, blockHash common.Hash) (e
 	// that if just one of many calls fail, we only retry the failed call rather than all of the calls.
 	// The underlying fetcher uses the receipts hash to verify receipt integrity.
 	var job *receiptsFetchingJob
-	if v, ok := s.receiptsCache.Get(blockHash); ok {
+	if v, ok := c.receiptsCache.Get(blockHash); ok {
 		job = v.(*receiptsFetchingJob)
 	} else {
 		txHashes := make([]common.Hash, len(txs))
 		for i := 0; i < len(txs); i++ {
 			txHashes[i] = txs[i].Hash()
 		}
-		job = NewReceiptsFetchingJob(s, s.client, s.maxBatchSize, eth.ToBlockID(info), info.ReceiptHash(), txHashes)
-		s.receiptsCache.Add(blockHash, job)
+		job = NewReceiptsFetchingJob(c, c.client, c.maxBatchSize, eth.ToBlockID(info), info.ReceiptHash(), txHashes)
+		c.receiptsCache.Add(blockHash, job)
 	}
 	receipts, err := job.Fetch(ctx)
 	if err != nil {
@@ -311,9 +377,9 @@ func (s *EthClient) FetchReceipts(ctx context.Context, blockHash common.Hash) (e
 // GetProof returns an account proof result, with any optional requested storage proofs.
 // The retrieval does sanity-check that storage proofs for the expected keys are present in the response,
 // but does not verify the result. Call accountResult.Verify(stateRoot) to verify the result.
-func (s *EthClient) GetProof(ctx context.Context, address common.Address, storage []common.Hash, blockTag string) (*eth.AccountResult, error) {
+func (c *EthClient) GetProof(ctx context.Context, address common.Address, storage []common.Hash, blockTag string) (*eth.AccountResult, error) {
 	var getProofResponse *eth.AccountResult
-	err := s.client.CallContext(ctx, &getProofResponse, "eth_getProof", address, storage, blockTag)
+	err := c.client.CallContext(ctx, &getProofResponse, "eth_getProof", address, storage, blockTag)
 	if err != nil {
 		return nil, err
 	}
@@ -325,7 +391,7 @@ func (s *EthClient) GetProof(ctx context.Context, address common.Address, storag
 	}
 	for i, key := range storage {
 		if key != getProofResponse.StorageProof[i].Key {
-			return nil, fmt.Errorf("unexpected storage proof key difference for entry %d: got %s but requested %s", i, getProofResponse.StorageProof[i].Key, key)
+			return nil, fmt.Errorf("unexpected storage proof key difference for entry %d: got %c but requested %c", i, getProofResponse.StorageProof[i].Key, key)
 		}
 	}
 	return getProofResponse, nil
@@ -334,26 +400,26 @@ func (s *EthClient) GetProof(ctx context.Context, address common.Address, storag
 // GetStorageAt returns the storage value at the given address and storage slot, **without verifying the correctness of the result**.
 // This should only ever be used as alternative to GetProof when the user opts in.
 // E.g. Erigon L1 node users may have to use this, since Erigon does not support eth_getProof, see https://github.com/ledgerwatch/erigon/issues/1349
-func (s *EthClient) GetStorageAt(ctx context.Context, address common.Address, storageSlot common.Hash, blockTag string) (common.Hash, error) {
+func (c *EthClient) GetStorageAt(ctx context.Context, address common.Address, storageSlot common.Hash, blockTag string) (common.Hash, error) {
 	var out common.Hash
-	err := s.client.CallContext(ctx, &out, "eth_getStorageAt", address, storageSlot, blockTag)
+	err := c.client.CallContext(ctx, &out, "eth_getStorageAt", address, storageSlot, blockTag)
 	return out, err
 }
 
 // ReadStorageAt is a convenience method to read a single storage value at the given slot in the given account.
 // The storage slot value is verified against the state-root of the given block if we do not trust the RPC provider, or directly retrieved without proof if we do trust the RPC.
-func (s *EthClient) ReadStorageAt(ctx context.Context, address common.Address, storageSlot common.Hash, blockHash common.Hash) (common.Hash, error) {
-	if s.trustRPC {
-		return s.GetStorageAt(ctx, address, storageSlot, blockHash.String())
+func (c *EthClient) ReadStorageAt(ctx context.Context, address common.Address, storageSlot common.Hash, blockHash common.Hash) (common.Hash, error) {
+	if c.trustRPC {
+		return c.GetStorageAt(ctx, address, storageSlot, blockHash.String())
 	}
-	block, err := s.InfoByHash(ctx, blockHash)
+	block, err := c.InfoByHash(ctx, blockHash)
 	if err != nil {
-		return common.Hash{}, fmt.Errorf("failed to retrieve state root of block %s: %w", blockHash, err)
+		return common.Hash{}, fmt.Errorf("failed to retrieve state root of block %c: %w", blockHash, err)
 	}
 
-	result, err := s.GetProof(ctx, address, []common.Hash{storageSlot}, blockHash.String())
+	result, err := c.GetProof(ctx, address, []common.Hash{storageSlot}, blockHash.String())
 	if err != nil {
-		return common.Hash{}, fmt.Errorf("failed to fetch proof of storage slot %s at block %s: %w", storageSlot, blockHash, err)
+		return common.Hash{}, fmt.Errorf("failed to fetch proof of storage slot %c at block %c: %w", storageSlot, blockHash, err)
 	}
 
 	if err := result.Verify(block.Root()); err != nil {
@@ -363,6 +429,6 @@ func (s *EthClient) ReadStorageAt(ctx context.Context, address common.Address, s
 	return common.BytesToHash(value.Bytes()), nil
 }
 
-func (s *EthClient) Close() {
-	s.client.Close()
+func (c *EthClient) Close() {
+	c.client.Close()
 }
diff --git a/components/node/sources/eth_client_test.go b/components/node/sources/eth_client_test.go
index f9e5785241..3f5c86500d 100644
--- a/components/node/sources/eth_client_test.go
+++ b/components/node/sources/eth_client_test.go
@@ -139,3 +139,40 @@ func TestEthClient_InfoByNumber(t *testing.T) {
 	require.Equal(t, info, expectedInfo)
 	m.Mock.AssertExpectations(t)
 }
+
+func TestEthClient_WrongInfoByNumber(t *testing.T) {
+	m := new(mockRPC)
+	_, rhdr := randHeader()
+	rhdr2 := *rhdr
+	rhdr2.Number += 1
+	n := rhdr.Number
+	ctx := context.Background()
+	m.On("CallContext", ctx, new(*rpcHeader),
+		"eth_getBlockByNumber", []any{n.String(), false}).Run(func(args mock.Arguments) {
+		*args[1].(**rpcHeader) = &rhdr2
+	}).Return([]error{nil})
+	s, err := NewL1Client(m, nil, nil, L1ClientDefaultConfig(&rollup.Config{ProposerWindowSize: 10}, true, RPCKindBasic))
+	require.NoError(t, err)
+	_, err = s.InfoByNumber(ctx, uint64(n))
+	require.Error(t, err, "cannot accept the wrong block")
+	m.Mock.AssertExpectations(t)
+}
+
+func TestEthClient_WrongInfoByHash(t *testing.T) {
+	m := new(mockRPC)
+	_, rhdr := randHeader()
+	rhdr2 := *rhdr
+	rhdr2.Root[0] += 1
+	rhdr2.Hash = rhdr2.computeBlockHash()
+	k := rhdr.Hash
+	ctx := context.Background()
+	m.On("CallContext", ctx, new(*rpcHeader),
+		"eth_getBlockByHash", []any{k, false}).Run(func(args mock.Arguments) {
+		*args[1].(**rpcHeader) = &rhdr2
+	}).Return([]error{nil})
+	s, err := NewL1Client(m, nil, nil, L1ClientDefaultConfig(&rollup.Config{ProposerWindowSize: 10}, true, RPCKindBasic))
+	require.NoError(t, err)
+	_, err = s.InfoByHash(ctx, k)
+	require.Error(t, err, "cannot accept the wrong block")
+	m.Mock.AssertExpectations(t)
+}
diff --git a/components/node/sources/l1_client.go b/components/node/sources/l1_client.go
index 89f7e799ad..d496ee18f9 100644
--- a/components/node/sources/l1_client.go
+++ b/components/node/sources/l1_client.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"strings"
+	"time"
 
 	"github.com/ethereum/go-ethereum"
 	"github.com/ethereum/go-ethereum/common"
@@ -40,6 +41,7 @@ func L1ClientDefaultConfig(config *rollup.Config, trustRPC bool, kind RPCProvide
 			TrustRPC:              trustRPC,
 			MustBePostMerge:       false,
 			RPCProviderKind:       kind,
+			MethodResetDuration:   time.Minute,
 		},
 		// Not bounded by span, to cover find-sync-start range fully for speedy recovery after errors.
 		L1BlockRefsCacheSize: fullSpan,
diff --git a/components/node/sources/l2_client.go b/components/node/sources/l2_client.go
index 0803ec6317..3269b9c144 100644
--- a/components/node/sources/l2_client.go
+++ b/components/node/sources/l2_client.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"strings"
+	"time"
 
 	"github.com/ethereum/go-ethereum"
 	"github.com/ethereum/go-ethereum/common"
@@ -50,6 +51,7 @@ func L2ClientDefaultConfig(config *rollup.Config, trustRPC bool) *L2ClientConfig
 			TrustRPC:              trustRPC,
 			MustBePostMerge:       true,
 			RPCProviderKind:       RPCKindBasic,
+			MethodResetDuration:   time.Minute,
 		},
 		// Not bounded by span, to cover find-sync-start range fully for speedy recovery after errors.
 		L2BlockRefsCacheSize: fullSpan,
diff --git a/components/node/sources/receipts_test.go b/components/node/sources/receipts_test.go
index ad8f9e7592..13441e72a4 100644
--- a/components/node/sources/receipts_test.go
+++ b/components/node/sources/receipts_test.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"math/rand"
 	"testing"
+	"time"
 
 	"github.com/ethereum/go-ethereum/common"
 	"github.com/ethereum/go-ethereum/common/hexutil"
@@ -86,6 +87,7 @@ func (e *methodNotFoundError) Error() string {
 type ReceiptsTestCase struct {
 	name         string
 	providerKind RPCProviderKind
+	staticMethod bool
 	setup        func(t *testing.T) (*rpcBlock, []ReceiptsRequest)
 }
 
@@ -143,6 +145,10 @@ func (tc *ReceiptsTestCase) Run(t *testing.T) {
 		TrustRPC:              false,
 		MustBePostMerge:       false,
 		RPCProviderKind:       tc.providerKind,
+		MethodResetDuration:   time.Minute,
+	}
+	if tc.staticMethod { // if static, instantly reset, for fast clock-independent testing
+		testCfg.MethodResetDuration = 0
 	}
 	logger := testlog.Logger(t, log.LvlError)
 	ethCl, err := NewEthClient(client.NewBaseRPCClient(cl), logger, nil, testCfg)
@@ -227,6 +233,12 @@ func TestEthClient_FetchReceipts(t *testing.T) {
 			providerKind: RPCKindAlchemy,
 			setup:        fallbackCase(30, AlchemyGetTransactionReceipts),
 		},
+		{
+			name:         "alchemy sticky",
+			providerKind: RPCKindAlchemy,
+			staticMethod: true,
+			setup:        fallbackCase(30, AlchemyGetTransactionReceipts, AlchemyGetTransactionReceipts),
+		},
 		{
 			name:         "alchemy fallback 1",
 			providerKind: RPCKindAlchemy,
diff --git a/components/node/sources/sync_client.go b/components/node/sources/sync_client.go
index da6f171f1e..438196f1e9 100644
--- a/components/node/sources/sync_client.go
+++ b/components/node/sources/sync_client.go
@@ -3,7 +3,10 @@ package sources
 import (
 	"context"
 	"errors"
+	"fmt"
+	"io"
 	"sync"
+	"time"
 
 	"github.com/ethereum/go-ethereum/log"
 	"github.com/libp2p/go-libp2p/core/peer"
@@ -12,6 +15,7 @@ import (
 	"github.com/kroma-network/kroma/components/node/eth"
 	"github.com/kroma-network/kroma/components/node/rollup"
 	"github.com/kroma-network/kroma/components/node/sources/caching"
+	"github.com/kroma-network/kroma/utils/service/backoff"
 )
 
 var ErrNoUnsafeL2PayloadChannel = errors.New("unsafeL2Payloads channel must not be nil")
@@ -19,23 +23,30 @@ var ErrNoUnsafeL2PayloadChannel = errors.New("unsafeL2Payloads channel must not
 // RpcSyncPeer is a mock PeerID for the RPC sync client.
 var RpcSyncPeer peer.ID = "ALT_RPC_SYNC"
 
+// receivePayload queues the received payload for processing.
+// This may return an error if there's no capacity for the payload.
 type receivePayload = func(ctx context.Context, from peer.ID, payload *eth.ExecutionPayload) error
 
-type SyncClientInterface interface {
+type RPCSync interface {
+	io.Closer
+	// Start starts an additional worker syncing job
 	Start() error
-	Close() error
-	fetchUnsafeBlockFromRpc(ctx context.Context, blockNumber uint64)
+	// RequestL2Range signals that the given range should be fetched, implementing the alt-sync interface.
+	RequestL2Range(ctx context.Context, start uint64, end eth.L2BlockRef) error
 }
 
+// SyncClient implements the driver AltSync interface, including support for fetching an open-ended chain of L2 blocks.
 type SyncClient struct {
 	*L2Client
-	FetchUnsafeBlock chan uint64
-	done             chan struct{}
-	receivePayload   receivePayload
-	wg               sync.WaitGroup
-}
 
-var _ SyncClientInterface = (*SyncClient)(nil)
+	requests chan uint64
+
+	resCtx    context.Context
+	resCancel context.CancelFunc
+
+	receivePayload receivePayload
+	wg             sync.WaitGroup
+}
 
 type SyncClientConfig struct {
 	L2ClientConfig
@@ -52,41 +63,104 @@ func NewSyncClient(receiver receivePayload, client client.RPC, log log.Logger, m
 	if err != nil {
 		return nil, err
 	}
-
+	// This resource context is shared between all workers that may be started
+	resCtx, resCancel := context.WithCancel(context.Background())
 	return &SyncClient{
-		L2Client:         l2Client,
-		FetchUnsafeBlock: make(chan uint64, 128),
-		done:             make(chan struct{}),
-		receivePayload:   receiver,
+		L2Client:       l2Client,
+		resCtx:         resCtx,
+		resCancel:      resCancel,
+		requests:       make(chan uint64, 128),
+		receivePayload: receiver,
 	}, nil
 }
 
-// Start starts up the state loop.
-// The loop will have been started if err is not nil.
+// Start starts the syncing background work. This may not be called after Close().
 func (s *SyncClient) Start() error {
+	// TODO(CLI-3635): we can start multiple event loop runners as workers, to parallelize the work
 	s.wg.Add(1)
 	go s.eventLoop()
 	return nil
 }
 
-// Close sends a signal to the event loop to stop.
+// Close sends a signal to close all concurrent syncing work.
 func (s *SyncClient) Close() error {
-	s.done <- struct{}{}
+	s.resCancel()
 	s.wg.Wait()
 	return nil
 }
 
+func (s *SyncClient) RequestL2Range(ctx context.Context, start, end eth.L2BlockRef) error {
+	// Drain previous requests now that we have new information
+	for len(s.requests) > 0 {
+		select { // in case requests is being read at the same time, don't block on draining it.
+		case <-s.requests:
+		default:
+			break
+		}
+	}
+
+	endNum := end.Number
+	if end == (eth.L2BlockRef{}) {
+		n, err := s.rollupCfg.TargetBlockNumber(uint64(time.Now().Unix()))
+		if err != nil {
+			return err
+		}
+		if n <= start.Number {
+			return nil
+		}
+		endNum = n
+	}
+
+	// TODO(CLI-3635): optimize the by-range fetching with the Engine API payloads-by-range method.
+
+	s.log.Info("Scheduling to fetch trailing missing payloads from backup RPC", "start", start, "end", endNum, "size", endNum-start.Number-1)
+
+	for i := start.Number + 1; i < endNum; i++ {
+		select {
+		case s.requests <- i:
+		case <-ctx.Done():
+			return ctx.Err()
+		}
+	}
+	return nil
+}
+
 // eventLoop is the main event loop for the sync client.
 func (s *SyncClient) eventLoop() {
 	defer s.wg.Done()
 	s.log.Info("Starting sync client event loop")
 
+	backoffStrategy := &backoff.ExponentialStrategy{
+		Min:       1000,
+		Max:       20_000,
+		MaxJitter: 250,
+	}
+
 	for {
 		select {
-		case <-s.done:
+		case <-s.resCtx.Done():
+			s.log.Debug("Shutting down RPC sync worker")
 			return
-		case blockNumber := <-s.FetchUnsafeBlock:
-			s.fetchUnsafeBlockFromRpc(context.Background(), blockNumber)
+		case reqNum := <-s.requests:
+			err := backoff.DoCtx(s.resCtx, 5, backoffStrategy, func() error {
+				// Limit the maximum time for fetching payloads
+				ctx, cancel := context.WithTimeout(s.resCtx, time.Second*10)
+				defer cancel()
+				// We are only fetching one block at a time here.
+				return s.fetchUnsafeBlockFromRpc(ctx, reqNum)
+			})
+			if err != nil {
+				if err == s.resCtx.Err() {
+					return
+				}
+				s.log.Error("failed syncing L2 block via RPC", "err", err, "num", reqNum)
+				// Reschedule at end of queue
+				select {
+				case s.requests <- reqNum:
+				default:
+					// drop syncing job if we are too busy with sync jobs already.
+				}
+			}
 		}
 	}
 }
@@ -96,28 +170,22 @@ func (s *SyncClient) eventLoop() {
 //
 // Post Shanghai hardfork, the engine API's `PayloadBodiesByRange` method will be much more efficient, but for now,
 // the `eth_getBlockByNumber` method is more widely available.
-func (s *SyncClient) fetchUnsafeBlockFromRpc(ctx context.Context, blockNumber uint64) {
+func (s *SyncClient) fetchUnsafeBlockFromRpc(ctx context.Context, blockNumber uint64) error {
 	s.log.Info("Requesting unsafe payload from backup RPC", "block number", blockNumber)
 
 	payload, err := s.PayloadByNumber(ctx, blockNumber)
 	if err != nil {
-		s.log.Warn("Failed to convert block to execution payload", "block number", blockNumber, "err", err)
-		return
-	}
-
-	// Signature validation is not necessary here since the backup RPC is trusted.
-	if _, ok := payload.CheckBlockHash(); !ok {
-		s.log.Warn("Received invalid payload from backup RPC; invalid block hash", "payload", payload.ID())
-		return
+		return fmt.Errorf("failed to fetch payload by number (%d): %w", blockNumber, err)
 	}
+	// Note: the underlying RPC client used for syncing verifies the execution payload blockhash, if set to untrusted.
 
 	s.log.Info("Received unsafe payload from backup RPC", "payload", payload.ID())
 
 	// Send the retrieved payload to the `unsafeL2Payloads` channel.
 	if err = s.receivePayload(ctx, RpcSyncPeer, payload); err != nil {
-		s.log.Warn("Failed to send payload into the driver's unsafeL2Payloads channel", "payload", payload.ID(), "err", err)
-		return
+		return fmt.Errorf("failed to send payload %s into the driver's unsafeL2Payloads channel: %w", payload.ID(), err)
 	} else {
-		s.log.Info("Sent received payload into the driver's unsafeL2Payloads channel", "payload", payload.ID())
+		s.log.Debug("Sent received payload into the driver's unsafeL2Payloads channel", "payload", payload.ID())
+		return nil
 	}
 }
diff --git a/components/node/testutils/metrics.go b/components/node/testutils/metrics.go
index 57c95eaf36..008d001406 100644
--- a/components/node/testutils/metrics.go
+++ b/components/node/testutils/metrics.go
@@ -5,10 +5,11 @@ import "github.com/kroma-network/kroma/components/node/eth"
 // TestDerivationMetrics implements the metrics used in the derivation pipeline as no-op operations.
 // Optionally a test may hook into the metrics
 type TestDerivationMetrics struct {
-	FnRecordL1ReorgDepth   func(d uint64)
-	FnRecordL1Ref          func(name string, ref eth.L1BlockRef)
-	FnRecordL2Ref          func(name string, ref eth.L2BlockRef)
-	FnRecordUnsafePayloads func(length uint64, memSize uint64, next eth.BlockID)
+	FnRecordL1ReorgDepth      func(d uint64)
+	FnRecordL1Ref             func(name string, ref eth.L1BlockRef)
+	FnRecordL2Ref             func(name string, ref eth.L2BlockRef)
+	FnRecordUnsafePayloads    func(length uint64, memSize uint64, next eth.BlockID)
+	FnRecordChannelInputBytes func(inputCompressedBytes int)
 }
 
 func (t *TestDerivationMetrics) RecordL1ReorgDepth(d uint64) {
@@ -35,6 +36,12 @@ func (t *TestDerivationMetrics) RecordUnsafePayloadsBuffer(length uint64, memSiz
 	}
 }
 
+func (t *TestDerivationMetrics) RecordChannelInputBytes(inputCompressedBytes int) {
+	if t.FnRecordChannelInputBytes != nil {
+		t.FnRecordChannelInputBytes(inputCompressedBytes)
+	}
+}
+
 type TestRPCMetrics struct{}
 
 func (n *TestRPCMetrics) RecordRPCServerRequest(method string) func() {
diff --git a/components/node/testutils/random.go b/components/node/testutils/random.go
index 0686d96117..50ca208adf 100644
--- a/components/node/testutils/random.go
+++ b/components/node/testutils/random.go
@@ -245,3 +245,23 @@ func RandomBlockPrependTxs(rng *rand.Rand, txCount int, ptxs ...*types.Transacti
 	}
 	return block, receipts
 }
+
+func RandomOutputResponse(rng *rand.Rand) *eth.OutputResponse {
+	return &eth.OutputResponse{
+		Version:               eth.Bytes32(RandomHash(rng)),
+		OutputRoot:            eth.Bytes32(RandomHash(rng)),
+		BlockRef:              RandomL2BlockRef(rng),
+		WithdrawalStorageRoot: RandomHash(rng),
+		StateRoot:             RandomHash(rng),
+		Status: &eth.SyncStatus{
+			CurrentL1:          RandomBlockRef(rng),
+			CurrentL1Finalized: RandomBlockRef(rng),
+			HeadL1:             RandomBlockRef(rng),
+			SafeL1:             RandomBlockRef(rng),
+			FinalizedL1:        RandomBlockRef(rng),
+			UnsafeL2:           RandomL2BlockRef(rng),
+			SafeL2:             RandomL2BlockRef(rng),
+			FinalizedL2:        RandomL2BlockRef(rng),
+		},
+	}
+}
diff --git a/e2e/system_test.go b/e2e/system_test.go
index f195f42aa6..4e83925765 100644
--- a/e2e/system_test.go
+++ b/e2e/system_test.go
@@ -702,7 +702,7 @@ func TestSystemMockAltSync(t *testing.T) {
 		role: "proposer",
 		action: func(sCfg *SystemConfig, system *System) {
 			rpc, _ := system.Nodes["proposer"].Attach() // never errors
-			cfg.Nodes["syncer"].L2Sync = &rollupNode.L2SyncRPCConfig{
+			cfg.Nodes["syncer"].L2Sync = &rollupNode.PreparedL2SyncEndpoint{
 				Rpc: client.NewBaseRPCClient(rpc),
 			}
 		},
diff --git a/go.mod b/go.mod
index 62760c2ac7..5b826eb098 100644
--- a/go.mod
+++ b/go.mod
@@ -14,6 +14,7 @@ require (
 	github.com/google/gofuzz v1.2.1-0.20220503160820-4a35382e8fc8
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/golang-lru v0.5.5-0.20210104140557-80c98217689d
+	github.com/hashicorp/golang-lru/v2 v2.0.1
 	github.com/holiman/uint256 v1.2.0
 	github.com/ipfs/go-datastore v0.6.0
 	github.com/ipfs/go-ds-leveldb v0.5.0
@@ -30,6 +31,7 @@ require (
 	golang.org/x/exp v0.0.0-20230206171751-46f607a40771
 	golang.org/x/sync v0.1.0
 	golang.org/x/term v0.4.0
+	golang.org/x/time v0.0.0-20220922220347-f3bd1da661af
 	google.golang.org/grpc v1.53.0
 	google.golang.org/protobuf v1.28.1
 )
@@ -81,7 +83,6 @@ require (
 	github.com/graph-gophers/graphql-go v1.3.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-bexpr v0.1.11 // indirect
-	github.com/hashicorp/golang-lru/v2 v2.0.1 // indirect
 	github.com/holiman/big v0.0.0-20221017200358-a027dc42d04e // indirect
 	github.com/holiman/bloomfilter/v2 v2.0.3 // indirect
 	github.com/huin/goupnp v1.0.3 // indirect
@@ -173,7 +174,6 @@ require (
 	golang.org/x/net v0.5.0 // indirect
 	golang.org/x/sys v0.5.0 // indirect
 	golang.org/x/text v0.7.0 // indirect
-	golang.org/x/time v0.0.0-20220922220347-f3bd1da661af // indirect
 	golang.org/x/tools v0.3.0 // indirect
 	google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f // indirect
 	gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce // indirect
diff --git a/ops-devnet/docker-compose.yml b/ops-devnet/docker-compose.yml
index 499d0a77c8..b9c2c5042c 100644
--- a/ops-devnet/docker-compose.yml
+++ b/ops-devnet/docker-compose.yml
@@ -70,6 +70,8 @@ services:
       NODE_P2P_LISTEN_IP: 0.0.0.0
       NODE_P2P_LISTEN_TCP_PORT: 9003
       NODE_P2P_LISTEN_UDP_PORT: 9003
+      NODE_P2P_PEER_SCORING: light
+      NODE_P2P_PEER_BANNING: true
       NODE_P2P_PRIV_PATH: /config/p2p-node-key.txt
       NODE_P2P_PROPOSER_KEY: 8b3a350cf5c34c9194ca85829a2df0ec3153be0318b5e2d3348e872092edffba
       NODE_METRICS_ENABLED: true
diff --git a/specs/rollup-node-p2p.md b/specs/rollup-node-p2p.md
index fe3e907d4e..de203ab49b 100644
--- a/specs/rollup-node-p2p.md
+++ b/specs/rollup-node-p2p.md
@@ -57,6 +57,8 @@ and are adopted by several other blockchains, most notably the [L1 consensus lay
     - [Block validation](#block-validation)
       - [Block processing](#block-processing)
       - [Block topic scoring parameters](#block-topic-scoring-parameters)
+- [Req-Resp](#req-resp)
+  - [`payload_by_number`](#payload_by_number)
 
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
 
@@ -307,6 +309,89 @@ A node may apply the block to their local engine ahead of L1 availability, if it
 
 TODO: GossipSub per-topic scoring to fine-tune incentives for ideal propagation delay and bandwidth usage.
 
+## Req-Resp
+
+The kroma-node implements a similar request-response encoding for its sync protocols as the L1 ethereum Beacon-Chain.
+See [L1 P2P-interface req-resp specification][eth2-p2p-reqresp] and [Altair P2P update][eth2-p2p-altair-reqresp].
+
+However, the protocol is simplified, to avoid several issues seen in L1:
+
+- Error strings in responses, if there is any alternative response,
+  should not need to be compressed or have an artificial global length limit.
+- Payload lengths should be fixed-length: byte-by-byte uvarint reading from the underlying stream is undesired.
+- `<context-bytes>` are relaxed to encode a `uint32`, rather than a beacon-chain `ForkDigest`.
+- Payload-encoding may change per hardfork, so is not part of the protocol-ID.
+- Usage of response-chunks is specific to the req-resp method: most basic req-resp does not need chunked responses.
+- Compression is encouraged to be part of the payload-encoding, specific to the req-resp method, where necessary:
+  pings and such do not need streaming frame compression etc.
+
+And the protocol ID format follows the same scheme as L1,
+except the trailing encoding schema part, which is now message-specific:
+
+```text
+/ProtocolPrefix/MessageName/SchemaVersion/
+```
+
+The req-resp protocols served by the kroma-node all have `/ProtocolPrefix` set to `/opstack/req`.
+
+Individual methods may include the chain ID as part of the `/MessageName` segment,
+so it's immediately clear which chain the method applies to, if the communication is chain-specific.
+Other methods may include chain-information in the request and/or response data,
+such as the `ForkDigest` `<context-bytes>` in L1 beacon chain req-resp protocols.
+
+Each segment starts with a `/`, and may contain multiple `/`, and the final protocol ID is suffixed with a `/`.
+
+### `payload_by_number`
+
+This is an optional chain syncing method, to request/serve execution payloads by number.
+This serves as a method to fill gaps upon missed gossip, and sync short to medium ranges of unsafe L2 blocks.
+
+Protocol ID: `/opstack/req/payload_by_number/<chain-id>/0/`
+
+- `/MessageName` is `/block_by_number/<chain-id>` where `<chain-id>` is set to the kroma-node L2 chain ID.
+- `/SchemaVersion` is `/0`
+
+Request format: `<num>`: a little-endian `uint64` - the block number to request.
+
+Response format: `<response> = <res><version><payload>`
+
+- `<res>` is a byte code describing the result.
+  - `0` on success, `<version><payload>` should follow.
+  - `1` if valid request, but unavailable payload.
+  - `2` if invalid request
+  - `3+` if other error
+  - The `>= 128` range is reserved for future use.
+- `<version>` is a little-endian `uint32`, identifying the type of `ExecutionPayload` (fork-specific)
+- `<payload>` is an encoded block, read till stream EOF.
+
+The input of `<response>` should be limited, as well as any generated decompressed output,
+to avoid unexpected resource usage or zip-bomb type attacks.
+A 10 MB limit is recommended, to ensure all blocks may be synced.
+Implementations may opt for a different limit, since this sync method is optional.
+
+`<version>` list:
+
+- `0`: SSZ-encoded `ExecutionPayload`, with Snappy framing compression,
+  matching the `ExecutionPayload` SSZ definition of the L1 Merge, L2 Kroma versions.
+- Other versions may be listed here with future network upgrades, such as the L1 Shanghai upgrade.
+
+The request is by block-number, enabling parallel fetching of a chain across many peers.
+
+A `res = 0` response should be verified to:
+
+- Have a block-number matching the requested block number.
+- Have a consistent `blockhash` w.r.t. the other block contents.
+- Build towards a known canonical block.
+  - This can be verified by checking if the parent-hash of a previous trusted canonical block matches
+    that of the verified hash of the retrieved block.
+  - For unsafe blocks this may be relaxed to verification against the parent-hash of any previously trusted block:
+    - The gossip validation process limits the amount of blocks that may be trusted to sync towards.
+    - The unsafe blocks should be queued for processing, the latest received L2 unsafe blocks should always
+      override any previous chain, until the final L2 chain can be reproduced from L1 data.
+
+A `res > 0` response code should not be accepted. The result code is helpful for debugging,
+but the client should regard any error like any any other unanswered request, as the responding peer cannot be trusted.
+
 ----
 
 [libp2p]: https://libp2p.io/
@@ -315,6 +400,8 @@ TODO: GossipSub per-topic scoring to fine-tune incentives for ideal propagation
 [discv5-random-nodes]: https://pkg.go.dev/github.com/ethereum/go-ethereum@v1.10.12/p2p/discover#UDPv5.RandomNodes
 [enr]: https://github.com/ethereum/devp2p/blob/master/enr.md
 [eth2-p2p]: https://github.com/ethereum/consensus-specs/blob/dev/specs/phase0/p2p-interface.md
+[eth2-p2p-reqresp]: https://github.com/ethereum/consensus-specs/blob/dev/specs/phase0/p2p-interface.md#the-reqresp-domain
+[eth2-p2p-altair-reqresp]: https://github.com/ethereum/consensus-specs/blob/dev/specs/altair/p2p-interface.md#the-reqresp-domain
 [extended-validator]: https://github.com/libp2p/specs/blob/master/pubsub/gossipsub/gossipsub-v1.1.md#extended-validators
 [gossip-parameters]: https://github.com/libp2p/specs/blob/master/pubsub/gossipsub/gossipsub-v1.0.md#parameters
 [gossipsub]: https://github.com/libp2p/specs/blob/master/pubsub/gossipsub/gossipsub-v1.1.md
diff --git a/utils/service/backoff/operation.go b/utils/service/backoff/operation.go
index cecd67cca3..5e0f7601a8 100644
--- a/utils/service/backoff/operation.go
+++ b/utils/service/backoff/operation.go
@@ -29,6 +29,9 @@ func Do(maxAttempts int, strategy Strategy, op Operation) error {
 }
 
 func DoCtx(ctx context.Context, maxAttempts int, strategy Strategy, op Operation) error {
+	if maxAttempts < 1 {
+		return fmt.Errorf("need at least 1 attempt to run op, but have %d max attempts", maxAttempts)
+	}
 	var attempt int
 
 	reattemptCh := make(chan struct{}, 1)