diff --git a/consensus/parlia/utils.go b/consensus/parlia/utils.go
index 62bc492dae8..d9e657b1813 100644
--- a/consensus/parlia/utils.go
+++ b/consensus/parlia/utils.go
@@ -9,7 +9,7 @@ import (
 	"github.com/ledgerwatch/log/v3"
 )
 
-func backOffTime(snap *Snapshot, header *types.Header, val libcommon.Address, chainConfig *chain.Config ) uint64 {
+func backOffTime(snap *Snapshot, header *types.Header, val libcommon.Address, chainConfig *chain.Config) uint64 {
 	if snap.inturn(val) {
 		return 0
 	} else {
@@ -29,17 +29,14 @@ func backOffTime(snap *Snapshot, header *types.Header, val libcommon.Address, ch
 				recentsMap[recent] = seen
 			}
 
-			// if the validator has recently signed, it is unexpected, stop here.
-			if seen, ok := recentsMap[val]; ok {
-				log.Error("unreachable code, validator signed recently",
-					"block", header.Number, "address", val,
-					"seen", seen, "len(snap.Recents)", len(snap.Recents))
+			// The backOffTime does not matter when a validator has signed recently.
+			if _, ok := recentsMap[val]; ok {
 				return 0
 			}
 
 			inTurnAddr := validators[(snap.Number+1)%uint64(len(validators))]
 			if _, ok := recentsMap[inTurnAddr]; ok {
-				log.Info("in turn validator has recently signed, skip initialBackOffTime",
+				log.Debug("in turn validator has recently signed, skip initialBackOffTime",
 					"inTurnAddr", inTurnAddr)
 				delay = 0
 			}
diff --git a/core/systemcontracts/upgrade.go b/core/systemcontracts/upgrade.go
index f5e2d4ea47c..824b7d6b993 100644
--- a/core/systemcontracts/upgrade.go
+++ b/core/systemcontracts/upgrade.go
@@ -502,7 +502,7 @@ func init() {
 	}
 
 	PlanckUpgrade[networkname.ChapelChainName] = &Upgrade{
-		UpgradeName:"planck",
+		UpgradeName: "planck",
 		Configs: []*UpgradeConfig{
 			{
 				ContractAddr: SlashContract,
@@ -527,7 +527,7 @@ func init() {
 		},
 	}
 
-PlanckUpgrade[networkname.RialtoChainName] = &Upgrade{
+	PlanckUpgrade[networkname.RialtoChainName] = &Upgrade{
 		UpgradeName: "planck",
 		Configs: []*UpgradeConfig{
 			{
diff --git a/core/vm/contracts.go b/core/vm/contracts.go
index 156618f09d6..b6f832288ed 100644
--- a/core/vm/contracts.go
+++ b/core/vm/contracts.go
@@ -171,7 +171,7 @@ var PrecompiledContractsPlanck = map[libcommon.Address]PrecompiledContract{
 }
 
 var (
-	PrecompiledAddressesPlanck           []libcommon.Address
+	PrecompiledAddressesPlanck         []libcommon.Address
 	PrecompiledAddressesMoran          []libcommon.Address
 	PrecompiledAddressesNano           []libcommon.Address
 	PrecompiledAddressesBerlin         []libcommon.Address
diff --git a/core/vm/contracts_lightclient.go b/core/vm/contracts_lightclient.go
index 65af844bff9..5ee6afe38bf 100644
--- a/core/vm/contracts_lightclient.go
+++ b/core/vm/contracts_lightclient.go
@@ -28,6 +28,11 @@ const (
 // 32 bytes               |                 |                   |
 func decodeTendermintHeaderValidationInput(input []byte) (*lightclient.ConsensusState, *lightclient.Header, error) {
 	csLen := binary.BigEndian.Uint64(input[consensusStateLengthBytesLength-uint64TypeLength : consensusStateLengthBytesLength])
+
+	if consensusStateLengthBytesLength+csLen < consensusStateLengthBytesLength {
+		return nil, nil, fmt.Errorf("integer overflow, csLen: %d", csLen)
+	}
+
 	if uint64(len(input)) <= consensusStateLengthBytesLength+csLen {
 		return nil, nil, fmt.Errorf("expected payload size %d, actual size: %d", consensusStateLengthBytesLength+csLen, len(input))
 	}
@@ -321,4 +326,4 @@ func keyVerifier(key string) error {
 		return cmn.NewError("key should not start with x:")
 	}
 	return nil
-}
\ No newline at end of file
+}
diff --git a/core/vm/lightclient/types.go b/core/vm/lightclient/types.go
index c0f925c4597..5df79740fac 100644
--- a/core/vm/lightclient/types.go
+++ b/core/vm/lightclient/types.go
@@ -212,16 +212,16 @@ func DecodeHeader(input []byte) (*Header, error) {
 type KeyVerifier func(string) error
 
 type KeyValueMerkleProof struct {
-	Key          []byte
-	Value        []byte
-	StoreName    string
-	AppHash      []byte
-	Proof        *merkle.Proof
+	Key       []byte
+	Value     []byte
+	StoreName string
+	AppHash   []byte
+	Proof     *merkle.Proof
 
 	keyVerifier      KeyVerifier
 	proofOpsVerifier merkle.ProofOpsVerifier
-	verifiers    []merkle.ProofOpVerifier
-	proofRuntime *merkle.ProofRuntime
+	verifiers        []merkle.ProofOpVerifier
+	proofRuntime     *merkle.ProofRuntime
 }
 
 func (kvmp *KeyValueMerkleProof) SetProofRuntime(prt *merkle.ProofRuntime) {
@@ -270,8 +270,9 @@ func DecodeKeyValueMerkleProof(input []byte) (*KeyValueMerkleProof, error) {
 	inputLength := uint64(len(input))
 	pos := uint64(0)
 
-	if inputLength <= storeNameLengthBytesLength+keyLengthBytesLength+valueLengthBytesLength+appHashLength {
-		return nil, fmt.Errorf("input length should be no less than %d", storeNameLengthBytesLength+keyLengthBytesLength+valueLengthBytesLength+appHashLength)
+	fixedSize := storeNameLengthBytesLength + keyLengthBytesLength + valueLengthBytesLength + appHashLength
+	if inputLength <= fixedSize {
+		return nil, fmt.Errorf("input length should be no less than %d", fixedSize)
 	}
 	storeName := string(bytes.Trim(input[pos:pos+storeNameLengthBytesLength], "\x00"))
 	pos += storeNameLengthBytesLength
@@ -279,7 +280,8 @@ func DecodeKeyValueMerkleProof(input []byte) (*KeyValueMerkleProof, error) {
 	keyLength := binary.BigEndian.Uint64(input[pos+keyLengthBytesLength-8 : pos+keyLengthBytesLength])
 	pos += keyLengthBytesLength
 
-	if inputLength <= storeNameLengthBytesLength+keyLengthBytesLength+keyLength+valueLengthBytesLength {
+	fixedSize = storeNameLengthBytesLength + keyLengthBytesLength + valueLengthBytesLength
+	if inputLength <= fixedSize+keyLength || fixedSize+keyLength < fixedSize {
 		return nil, fmt.Errorf("invalid input, keyLength %d is too long", keyLength)
 	}
 	key := input[pos : pos+keyLength]
@@ -288,7 +290,10 @@ func DecodeKeyValueMerkleProof(input []byte) (*KeyValueMerkleProof, error) {
 	valueLength := binary.BigEndian.Uint64(input[pos+valueLengthBytesLength-8 : pos+valueLengthBytesLength])
 	pos += valueLengthBytesLength
 
-	if inputLength <= storeNameLengthBytesLength+keyLengthBytesLength+keyLength+valueLengthBytesLength+valueLength+appHashLength {
+	fixedSize = storeNameLengthBytesLength + keyLengthBytesLength + valueLengthBytesLength + appHashLength
+	if inputLength <= fixedSize+keyLength+valueLength ||
+		fixedSize+keyLength < fixedSize ||
+		fixedSize+keyLength+valueLength < valueLength {
 		return nil, fmt.Errorf("invalid input, valueLength %d is too long", valueLength)
 	}
 	value := input[pos : pos+valueLength]
diff --git a/params/chainspecs/bsc.json b/params/chainspecs/bsc.json
index add58f5b4fd..5b9eabcadf3 100644
--- a/params/chainspecs/bsc.json
+++ b/params/chainspecs/bsc.json
@@ -18,7 +18,7 @@
   "nanoBlock": 21962149,
   "moranBlock": 22107423,
   "gibbsBlock": 23846001,
-  "planckBlock": 0,
+  "planckBlock": 27281024,
   "parlia": {
     "DBPath": "",
     "InMemory": false,
diff --git a/params/version.go b/params/version.go
index 288ff649585..40aeaf048b6 100644
--- a/params/version.go
+++ b/params/version.go
@@ -31,9 +31,9 @@ var (
 
 // see https://calver.org
 const (
-	VersionMajor       = 2        // Major version component of the current release
-	VersionMinor       = 40       // Minor version component of the current release
-	VersionMicro       = 0        // Patch version component of the current release
+	VersionMajor       = 2     // Major version component of the current release
+	VersionMinor       = 40    // Minor version component of the current release
+	VersionMicro       = 0     // Patch version component of the current release
 	VersionModifier    = "dev" // Modifier component of the current release
 	VersionKeyCreated  = "ErigonVersionCreated"
 	VersionKeyFinished = "ErigonVersionFinished"