diff --git a/chain/types/blockheader.go b/chain/types/blockheader.go
index 86d516f98..a5940d9e6 100644
--- a/chain/types/blockheader.go
+++ b/chain/types/blockheader.go
@@ -69,6 +69,9 @@ type BlockHeader struct {
 	BlockSig *crypto.Signature // 13
 
 	ForkSignaling uint64 // 14
+
+	// internal
+	validated bool // true if the signature has been validated
 }
 
 func (b *BlockHeader) ToStorageBlock() (block.Block, error) {
@@ -124,6 +127,14 @@ func (blk *BlockHeader) SigningBytes() ([]byte, error) {
 	return blkcopy.Serialize()
 }
 
+func (blk *BlockHeader) SetValidated() {
+	blk.validated = true
+}
+
+func (blk *BlockHeader) IsValidated() bool {
+	return blk.validated
+}
+
 type MsgMeta struct {
 	BlsMessages   cid.Cid
 	SecpkMessages cid.Cid
diff --git a/lib/sigs/sigs.go b/lib/sigs/sigs.go
index 5b304542d..2f624ed76 100644
--- a/lib/sigs/sigs.go
+++ b/lib/sigs/sigs.go
@@ -72,6 +72,10 @@ func CheckBlockSignature(blk *types.BlockHeader, ctx context.Context, worker add
 	_, span := trace.StartSpan(ctx, "checkBlockSignature")
 	defer span.End()
 
+	if blk.IsValidated() {
+		return nil
+	}
+
 	if blk.BlockSig == nil {
 		return xerrors.New("block signature not present")
 	}
@@ -81,8 +85,12 @@ func CheckBlockSignature(blk *types.BlockHeader, ctx context.Context, worker add
 		return xerrors.Errorf("failed to get block signing bytes: %w", err)
 	}
 
-	_ = sigb
-	return Verify(blk.BlockSig, worker, sigb)
+	err = Verify(blk.BlockSig, worker, sigb)
+	if err == nil {
+		blk.SetValidated()
+	}
+
+	return err
 }
 
 // SigShim is used for introducing signature functions