sigp · PoulavBhowmick03 · Jan 27, 2026 · Feb 7, 2026 · Feb 7, 2026 · Feb 7, 2026
diff --git a/beacon_node/beacon_chain/src/builder.rs b/beacon_node/beacon_chain/src/builder.rs
@@ -848,6 +848,42 @@ where
             ));
         }
 
+        // Check if head is outside the Data Availability Window (unless unsafe sync is enabled).
+        if !self.chain_config.enable_unsafe_sync {
+            if let Some(current_slot) = slot_clock.now() {
+                let current_epoch = current_slot.epoch(E::slots_per_epoch());
+                let head_epoch = head_snapshot
+                    .beacon_block
+                    .slot()
+                    .epoch(E::slots_per_epoch());
+
+                if let Some(da_boundary) = self
+                    .spec
+                    .min_epoch_data_availability_boundary(current_epoch)
+                {
+                    if head_epoch < da_boundary {
+                        crit!(
+                            head_epoch = %head_epoch,
+                            da_boundary = %da_boundary,
+                            head_slot = %head_snapshot.beacon_block.slot(),
+                            "Head is outside the Data Availability window!"
+                        );
+                        crit!(
+                            "Your node's head is outside the DA window (~18 days). \
+                             Lighthouse cannot independently verify blob availability for historical blocks. \
+                             Options: \
+                             1. Use checkpoint sync: --checkpoint-sync-url <URL> \
+                             2. Use --enable-unsafe-sync to bypass this check"
+                        );
+                        return Err(format!(
+                            "Head epoch {} is before DA boundary epoch {}.",
+                            head_epoch, da_boundary
+                        ));
+                    }
+                }
+            }
+        }
+
         let validator_pubkey_cache = self
             .validator_pubkey_cache
             .map(|mut validator_pubkey_cache| {

diff --git a/beacon_node/beacon_chain/src/chain_config.rs b/beacon_node/beacon_chain/src/chain_config.rs
@@ -121,6 +121,8 @@ pub struct ChainConfig {
     pub disable_get_blobs: bool,
     /// The node's custody type, determining how many data columns to custody and sample.
     pub node_custody_type: NodeCustodyType,
+    /// Allow syncing from a head outside the Data Availability window.
+    pub enable_unsafe_sync: bool,
 }
 
 impl Default for ChainConfig {
@@ -162,6 +164,7 @@ impl Default for ChainConfig {
             invalid_block_roots: HashSet::new(),
             disable_get_blobs: false,
             node_custody_type: NodeCustodyType::Fullnode,
+            enable_unsafe_sync: false,
         }
     }
 }

diff --git a/beacon_node/src/cli.rs b/beacon_node/src/cli.rs
@@ -1245,6 +1245,17 @@ pub fn cli_app() -> Command {
                 .help_heading(FLAG_HEADER)
                 .display_order(0)
         )
+        .arg(
+            Arg::new("enable-unsafe-sync")
+                .long("enable-unsafe-sync")
+                .help("Allow syncing from a head outside the Data Availability (DA) window. \
+                       Use this flag if your node has been offline for more than ~18 days and \
+                       you want to continue syncing WITHOUT independently verifying historical \
+                       blob availability.")
+                .action(ArgAction::SetTrue)
+                .help_heading(FLAG_HEADER)
+                .display_order(0)
+        )
         .arg(
             Arg::new("reconstruct-historic-states")
                 .long("reconstruct-historic-states")

diff --git a/beacon_node/src/config.rs b/beacon_node/src/config.rs
@@ -816,6 +816,8 @@ pub fn get_config<E: EthSpec>(
         client_config.store.prune_blobs = false;
     }
 
+    client_config.chain.enable_unsafe_sync = cli_args.get_flag("enable-unsafe-sync");
+
     // Backfill sync rate-limiting
     client_config.beacon_processor.enable_backfill_rate_limiting =
         !cli_args.get_flag("disable-backfill-rate-limiting");

diff --git a/lighthouse/tests/beacon_node.rs b/lighthouse/tests/beacon_node.rs
@@ -211,6 +211,14 @@ fn fork_choice_before_proposal_timeout_zero() {
         .with_config(|config| assert_eq!(config.chain.fork_choice_before_proposal_timeout_ms, 0));
 }
 
+#[test]
+fn enable_unsafe_sync_flag() {
+    CommandLineTest::new()
+        .flag("enable-unsafe-sync", None)
+        .run_with_zero_port()
+        .with_config(|config| assert!(config.chain.enable_unsafe_sync));
+}
+
 #[test]
 fn checkpoint_sync_url_timeout_flag() {
     CommandLineTest::new()