diff --git a/docker-compose.yaml b/docker-compose.yaml
index 53a1cb764..92f1ccac0 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -133,6 +133,7 @@ services:
     ports:
       - "$ESPRESSO_PROVER_SERVICE_PORT:$ESPRESSO_PROVER_SERVICE_PORT"
     environment:
+      - ESPRESSO_PROVER_SERVICE_PORT
       - ESPRESSO_STATE_RELAY_SERVER_URL
       - ESPRESSO_SEQUENCER_ORCHESTRATOR_URL
       - ESPRESSO_STATE_PROVER_UPDATE_INTERVAL
@@ -440,7 +441,7 @@ services:
     healthcheck:
       # Postgres can be falsely "ready" once before running init scripts.
       # See https://github.com/docker-library/postgres/issues/146 for discussion.
-      test: "pg_isready && sleep 1 && pg_isready"
+      test: "pg_isready -U root && sleep 1 && pg_isready -U root"
       interval: 5s
       timeout: 4s
       retries: 20
diff --git a/docker/permissionless-builder.Dockerfile b/docker/permissionless-builder.Dockerfile
index 3eadf0297..712e5f299 100644
--- a/docker/permissionless-builder.Dockerfile
+++ b/docker/permissionless-builder.Dockerfile
@@ -7,6 +7,10 @@ RUN apt-get update \
     &&  rm -rf /var/lib/apt/lists/*
 ENTRYPOINT ["tini", "--"]
 
+# Download an SRS file to avoid download at runtime
+ENV AZTEC_SRS_PATH=/kzg10-aztec20-srs-1048584.bin
+RUN curl -LO https://github.com/EspressoSystems/ark-srs/releases/download/v0.2.0/$AZTEC_SRS_PATH
+
 COPY target/$TARGETARCH/release/permissionless-builder /bin/permissionless-builder
 RUN chmod +x /bin/permissionless-builder
 
diff --git a/docker/prover-service.Dockerfile b/docker/prover-service.Dockerfile
index 66e2ff0a8..9e07f2fef 100644
--- a/docker/prover-service.Dockerfile
+++ b/docker/prover-service.Dockerfile
@@ -3,10 +3,14 @@ FROM ubuntu:jammy
 ARG TARGETARCH
 
 RUN apt-get update \
-    &&  apt-get install -y curl git libcurl4 wait-for-it tini jq \
+    &&  apt-get install -y curl libcurl4 wait-for-it tini \
     &&  rm -rf /var/lib/apt/lists/*
 ENTRYPOINT ["tini", "--"]
 
+# Download an SRS file to avoid download at runtime
+ENV AZTEC_SRS_PATH=/kzg10-aztec20-srs-1048584.bin
+RUN curl -LO https://github.com/EspressoSystems/ark-srs/releases/download/v0.2.0/$AZTEC_SRS_PATH
+
 # copy the binaries
 COPY target/$TARGETARCH/release/state-prover /usr/local/bin/state-prover
 RUN chmod +x /usr/local/bin/state-prover
diff --git a/docker/sequencer.Dockerfile b/docker/sequencer.Dockerfile
index d0f2d1d6c..05e2d8ee1 100644
--- a/docker/sequencer.Dockerfile
+++ b/docker/sequencer.Dockerfile
@@ -7,6 +7,10 @@ RUN apt-get update \
     &&  rm -rf /var/lib/apt/lists/*
 ENTRYPOINT ["tini", "--"]
 
+# Download an SRS file to avoid download at runtime
+ENV AZTEC_SRS_PATH=/kzg10-aztec20-srs-1048584.bin
+RUN curl -LO https://github.com/EspressoSystems/ark-srs/releases/download/v0.2.0/$AZTEC_SRS_PATH
+
 COPY target/$TARGETARCH/release/sequencer /bin/sequencer
 RUN chmod +x /bin/sequencer
 
diff --git a/flake.lock b/flake.lock
index f46eff0cb..c34c4ec02 100644
--- a/flake.lock
+++ b/flake.lock
@@ -476,11 +476,11 @@
         "nixpkgs": "nixpkgs_6"
       },
       "locked": {
-        "lastModified": 1707530952,
-        "narHash": "sha256-t5Q418k3S2TpAMNl1pQWuKkSGOkkx0kWx7SGa7yyRtc=",
+        "lastModified": 1713838472,
+        "narHash": "sha256-lCdDz6/YgyXdFRHall3P+dCETRpfz3Pi9eREnA9RX6k=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "49550275c3956b861dbb7cb83a732803f013bdbb",
+        "rev": "28a9436d356181603fb0d333565431c3d952f299",
         "type": "github"
       },
       "original": {
diff --git a/hotshot-state-prover/src/service.rs b/hotshot-state-prover/src/service.rs
index f3fefec4d..6aa1e7eea 100644
--- a/hotshot-state-prover/src/service.rs
+++ b/hotshot-state-prover/src/service.rs
@@ -385,20 +385,23 @@ pub async fn run_prover_service<Ver: StaticVersionType + 'static>(
         init_stake_table_from_orchestrator(&config.orchestrator_url, config.stake_table_capacity)
             .await,
     );
-    let proving_key = Arc::new(load_proving_key(config.stake_table_capacity));
-    let relay_server_client =
-        Arc::new(Client::<ServerError, Ver>::new(config.relay_server.clone()));
-    let config = Arc::new(config);
-    let update_interval = config.update_interval;
 
     tracing::info!("Light client address: {:?}", config.light_client_address);
+    let relay_server_client =
+        Arc::new(Client::<ServerError, Ver>::new(config.relay_server.clone()));
 
+    // Start the HTTP server to get a functioning healthcheck before any heavy computations.
     if let Some(port) = config.port {
         if let Err(err) = start_http_server(port, config.light_client_address, bind_version) {
             tracing::error!("Error starting http server: {}", err);
         }
     }
 
+    let proving_key = async_std::task::block_on(async move {
+        Arc::new(load_proving_key(config.stake_table_capacity))
+    });
+
+    let update_interval = config.update_interval;
     loop {
         let st = st.clone();
         let proving_key = proving_key.clone();
diff --git a/rust-toolchain.toml b/rust-toolchain.toml
index 5b1dee057..6dc822914 100644
--- a/rust-toolchain.toml
+++ b/rust-toolchain.toml
@@ -1,4 +1,4 @@
 [toolchain]
-channel = "1.76.0"
+channel = "stable"
 components = ["rustfmt", "llvm-tools-preview", "rust-src", "clippy"]
 profile = "minimal"
diff --git a/scripts/build-docker-images b/scripts/build-docker-images
index cb808de38..c45814f36 100755
--- a/scripts/build-docker-images
+++ b/scripts/build-docker-images
@@ -47,5 +47,5 @@ docker build -t ghcr.io/espressosystems/espresso-sequencer/sequencer:main -f doc
 docker build -t ghcr.io/espressosystems/espresso-sequencer/commitment-task:main -f docker/commitment-task.Dockerfile ${WORKDIR}
 docker build -t ghcr.io/espressosystems/espresso-sequencer/submit-transactions:main -f docker/submit-transactions.Dockerfile ${WORKDIR}
 docker build -t ghcr.io/espressosystems/espresso-sequencer/deploy:main -f docker/deploy.Dockerfile ${WORKDIR}
-docker build -t ghcr.io/espressosystems/espresso-sequencer/permissionless-builder:main -f docker/permissionless-builder.Dockerfile ${WORKDIR}
+docker build -t ghcr.io/espressosystems/espresso-sequencer/builder:main -f docker/permissionless-builder.Dockerfile ${WORKDIR}
 docker build -t ghcr.io/espressosystems/espresso-sequencer/nasty-client:main -f docker/nasty-client.Dockerfile ${WORKDIR}
diff --git a/scripts/build-docker-images-native b/scripts/build-docker-images-native
index 607bf3c0d..db70cb10e 100755
--- a/scripts/build-docker-images-native
+++ b/scripts/build-docker-images-native
@@ -51,11 +51,23 @@ case $KERNEL in
     cargo build --release
     ;;
   darwin)
-  # Build in docker container
+  # Use a different target directory for docker builds to avoid conflicts with
+  # native builds.
+  CARGO_TARGET_DIR=target/docker
+
+  # Build in docker container:
+  #   - RUSTFLAGS is needed for compilation.
+  #   - CARGO_TARGET_DIR is set to point to the location where the hosts
+  #     CARGO_TARGET_DIR is mounted.
+  #   - PWD is mounted to /work.
+  #   - Cargo registry and git directory are mounted to avoid re-downloading
+  #     dependencies.
   docker run \
-    -e RUST_LOG -e RUST_BACKTRACE -e RUSTFLAGS -e CARGO_TARGET_DIR \
-    -v $(pwd):/work \
-    -v $HOME/.cargo/registry:/root/.cargo/registry \
+    -e RUSTFLAGS \
+    -e CARGO_TARGET_DIR=/work/target/docker \
+    -v "$(pwd):/work" \
+    -v "$CARGO_HOME/registry:/usr/local/cargo/registry" \
+    -v "$CARGO_HOME/git:/usr/local/cargo/git" \
     -it ghcr.io/espressosystems/devops-rust:stable \
     bash -c "cd /work && cargo build --release"
     ;;
@@ -63,20 +75,19 @@ esac
 
 # Copy binaries to a temporary directory.
 WORKDIR=$(mktemp -d -t espresso-docker-build-XXXXXXXX)
-CONTRACTS_DIR="./contracts"
 
 trap "exit" INT TERM
 trap cleanup EXIT
 cleanup(){
-    rm -rfv ${WORKDIR}
+    rm -rfv "${WORKDIR}"
 }
 
-mkdir -p ${WORKDIR}/target/$ARCH/release
+mkdir -p "${WORKDIR}/target/$ARCH/release"
 for binary in "orchestrator" "cdn-broker" "cdn-marshal" "sequencer" "commitment-task" "submit-transactions" "reset-storage" "state-relay-server" "state-prover" "deploy" "keygen" "permissionless-builder" "nasty-client"; do
-  cp -v "${CARGO_TARGET_DIR}/release/$binary" ${WORKDIR}/target/$ARCH/release
+  cp -v "${CARGO_TARGET_DIR}/release/$binary" "${WORKDIR}/target/$ARCH/release"
   # Patch the interpreter for running without nix inside the ubuntu based docker image.
   if [ $KERNEL == "linux" ]; then
-    patchelf --set-interpreter $INTERPRETER ${WORKDIR}/target/$ARCH/release/$binary
+    patchelf --set-interpreter "$INTERPRETER" "${WORKDIR}/target/$ARCH/release/$binary"
   fi
 done
 
@@ -90,5 +101,5 @@ docker build --platform $PLATFORM -t ghcr.io/espressosystems/espresso-sequencer/
 docker build --platform $PLATFORM -t ghcr.io/espressosystems/espresso-sequencer/commitment-task:main -f docker/commitment-task.Dockerfile ${WORKDIR}
 docker build --platform $PLATFORM -t ghcr.io/espressosystems/espresso-sequencer/submit-transactions:main -f docker/submit-transactions.Dockerfile ${WORKDIR}
 docker build --platform $PLATFORM -t ghcr.io/espressosystems/espresso-sequencer/deploy:main -f docker/deploy.Dockerfile ${WORKDIR}
-docker build --platform $PLATFORM -t ghcr.io/espressosystems/espresso-sequencer/permissionless-builder:main -f docker/permissionless-builder.Dockerfile ${WORKDIR}
+docker build --platform $PLATFORM -t ghcr.io/espressosystems/espresso-sequencer/builder:main -f docker/permissionless-builder.Dockerfile ${WORKDIR}
 docker build --platform $PLATFORM -t ghcr.io/espressosystems/espresso-sequencer/nasty-client:main -f docker/nasty-client.Dockerfile ${WORKDIR}
diff --git a/sequencer/src/bin/deploy.rs b/sequencer/src/bin/deploy.rs
index f3dde0292..02939f289 100644
--- a/sequencer/src/bin/deploy.rs
+++ b/sequencer/src/bin/deploy.rs
@@ -145,7 +145,11 @@ async fn main() -> anyhow::Result<()> {
     }
 
     if let Some(out) = &opt.out {
-        let file = File::options().create(true).write(true).open(out)?;
+        let file = File::options()
+            .create(true)
+            .truncate(true)
+            .write(true)
+            .open(out)?;
         contracts.write(file)?;
     } else {
         contracts.write(stdout())?;
diff --git a/sequencer/src/bin/keygen.rs b/sequencer/src/bin/keygen.rs
index f8ead1eb4..f2bf8760c 100644
--- a/sequencer/src/bin/keygen.rs
+++ b/sequencer/src/bin/keygen.rs
@@ -138,7 +138,11 @@ fn main() -> anyhow::Result<()> {
         tracing::info!("generating new key set");
 
         let path = opts.out.join(format!("{index}.env"));
-        let mut file = File::options().write(true).create(true).open(&path)?;
+        let mut file = File::options()
+            .write(true)
+            .create(true)
+            .truncate(true)
+            .open(&path)?;
         opts.scheme.gen(seed, index as u64, &mut file)?;
 
         tracing::info!("private keys written to {}", path.display());
diff --git a/sequencer/src/block/payload.rs b/sequencer/src/block/payload.rs
index 0f73afdec..3a07cc3d1 100644
--- a/sequencer/src/block/payload.rs
+++ b/sequencer/src/block/payload.rs
@@ -355,7 +355,7 @@ mod test {
 
     fn check_basic_correctness<TableWord: TableWordTraits>() {
         // play with this
-        let test_cases = vec![
+        let test_cases = [
             // 1 namespace only
             vec![vec![5, 8, 8]], // 3 non-empty txs
             vec![vec![0, 8, 8]], // 1 empty tx at the beginning