Add address-based transaction filtering for sequencer #4157
+473
−2
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Implement infrastructure for filtering transactions based on addresses touched during execution. This supports compliance use cases on certain chains where transactions interacting with certain addresses must be rejected by the sequencer before inclusion. Addresses are collected during execution via TxProcessor.PushContract, which captures the contract address and caller for every CALL, STATICCALL, CREATE, and CREATE2 operation. The sequencer's postTxFilter then checks all collected addresses (plus tx.From and tx.To) against a configurable AddressFilter interface. DELEGATECALL and CALLCODE are intentionally not filtered as they only borrow code from the target address without any actual interaction. A StaticFilter implementation is provided for testing and as a demonstration for future integration.
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## master #4157 +/- ##
==========================================
- Coverage 33.41% 33.11% -0.31%
==========================================
Files 461 462 +1
Lines 55901 55932 +31
==========================================
- Hits 18681 18522 -159
- Misses 33921 34151 +230
+ Partials 3299 3259 -40 |
❌ 4 Tests Failed:
View the top 3 failed tests by shortest run time
📣 Thoughts on this report? Let Codecov know! | Powered by Codecov |
MishkaRogachev
force-pushed
the
tx-address-filtering
branch
from
c874954 to
af1cd36
Compare
All address filtering now goes through statedb.TouchAddress() and the arbTxFilter mechanism. preTxFilter uses TouchAddress for from/to addresses, while execution uses it for contract calls, creates, and selfdestruct. The filter now lives in ExecutionEngine to simplify setting up statedb with the filter.
Tristan-Wilson
force-pushed
the
tx-address-filtering
branch
from
af1cd36 to
2adc835
Compare
tsahee
requested changes
Dec 29, 2025
| return nil, err | ||
| } | ||
| if s.addressFilter != nil { | ||
| statedb.SetAddressFilter(s.addressFilter) |
Contributor
There was a problem hiding this comment.
we also need to apply the filter in sequenceDelayedMessageWithBlockMutex (and test it)
Member
Author
There was a problem hiding this comment.
Will work on it, otherwise in the meantime maybe we can merge this PR if it looks good and do that in a separate PR?
tsahee
requested changes
Dec 29, 2025
txfilter/filter.go
Outdated
| return &StaticFilter{addresses: m} | ||
| } | ||
|
|
||
| func (f *StaticFilter) IsFiltered(addr common.Address) bool { |
Contributor
There was a problem hiding this comment.
see comments in geth about the interface
Address review feedback requesting async-capable address filtering: - TouchAddress submits addresses for checking (can start async checks) - IsFiltered blocks until all checks complete and returns result - Fresh state created per-tx in SetTxContext (replaces ClearAddresses) This design allows implementations to check addresses in parallel using separate goroutines while the main thread executes, enabling lookups in large databases without blocking execution.
Any commits made after this event will not be merged.
github-merge-queue
bot
removed this pull request from the merge queue due to no response for status checks
Any commits made after this event will not be merged.
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
Any commits made after this event will not be merged.
github-merge-queue
bot
removed this pull request from the merge queue due to no response for status checks
Any commits made after this event will not be merged.
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
Any commits made after this event will not be merged.
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
Any commits made after this event will not be merged.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Implement infrastructure for filtering transactions based on addresses touched during execution. This supports compliance use cases on certain chains where transactions interacting with certain addresses must be rejected by the sequencer before inclusion.
Addresses are collected during execution via TxProcessor.PushContract, which captures the contract address and caller for every CALL, STATICCALL, CREATE, and CREATE2 operation. The sequencer's postTxFilter then checks all collected addresses (plus tx.From and tx.To) against a configurable AddressFilter interface.
SELFDESTRUCT is handled on the geth side by capturing the beneficiary address in opSelfdestruct and opSelfdestruct6780.
DELEGATECALL and CALLCODE are intentionally not filtered as they only borrow code from the target address without any actual interaction.
A StaticFilter implementation is provided for testing and as a demonstration for future integration.
pulls in OffchainLabs/go-ethereum#601
fixes: NIT-4221