core: Add touched address tracking to StateDB for tx filtering #601
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Arbitrum needs to track all addresses touched during transaction execution to support address-based filtering at the sequencer level. This enables compliance use cases where transactions interacting with certain addresses must be rejected before inclusion. The implementation follows the existing arbTxFilter pattern in ArbitrumExtraData, adding a touchedAddresses map that collects addresses during execution. Three methods are added to the StateDB interface: AddTouchedAddress, GetTouchedAddresses, and ClearTouchedAddresses. The collection is automatically cleared at transaction boundaries via SetTxContext.
Tristan-Wilson
changed the title
Tristan-Wilson
changed the title
Capture the beneficiary address in opSelfdestruct and opSelfdestruct6780 for transaction filtering.
tsahee
requested changes
Dec 26, 2025
core/vm/interface.go
Outdated
|
|
||
| // Arbitrum | ||
| AddTouchedAddress(addr common.Address) | ||
| GetTouchedAddresses() []common.Address |
Contributor
There was a problem hiding this comment.
After thinking a lot.. this has two problems:
- it does unnecessary work for normal chains where there is no filter required, and for normal nodes which aren't sequencers.
- it doesn't allow room for starting to check addresses while the transaction is being processed.
I think it's better to register an address filter inside the stateDB, so stateDB will pass immediately any touchedaddress to the filter, and the filter could chose to start checking in parallel or not. Also, normal nodes/chians will just use an oopFilter that will do nothing in relation to AddTouchedAddress.
In that case - GetTouchedAddresses and ClearTouchedAddresses are not needed. StateDb willl pass through IsTxFiltered and ClearTxFilter to the filter.
Member
Author
There was a problem hiding this comment.
Thanks for the comment, I think I've addressed it now and I think it simplifies the design a lot.
Implement address filtering that checks addresses immediately as they're touched during execution, rather than collecting them for later checking. The AddressFilter interface is registered in StateDB, and TouchAddress() checks the filter immediately, calling FilterTx() if the address is filtered.
tsahee
requested changes
Dec 29, 2025
core/state/statedb_arbitrum.go
Outdated
| // AddressFilter checks if addresses should be filtered from transactions. | ||
| // Used by Arbitrum for transaction filtering based on touched addresses. | ||
| type AddressFilter interface { | ||
| IsFiltered(addr common.Address) bool |
Contributor
There was a problem hiding this comment.
this requires the filter to return a synchronous response per address.
I want the filter to have (not exact names):
- TouchAddress - submits the address, called by TouchAddress (can also return an immediate filter if beneficiary, or possibly just an error)
- IsFiltered - checks if any address was filtered, called by IsTxFiletered
- ClearAddresses - resets previous addresses, called by ClearTxFiler
That way we could look in large databases using separate goroutines while main thread is executing.
Member
Author
There was a problem hiding this comment.
Addressed it with a stateless and stateful part of the filter.
Address review feedback requesting async-capable address filtering: - TouchAddress submits addresses for checking (can start async checks) - IsFiltered blocks until all checks complete and returns result - Fresh state created per-tx in SetTxContext (replaces ClearAddresses) This design allows implementations to check addresses in parallel using separate goroutines while the main thread executes, enabling lookups in large databases without blocking execution. The two-part interface (AddressChecker/AddressCheckerState) lets each implementation choose its own synchronization strategy (sync, WaitGroup, channels, batch RPC) without coupling StateDB to a specific pattern.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Arbitrum needs to track all addresses touched during transaction execution to support address-based filtering at the sequencer level. This enables compliance use cases on certain chains where transactions interacting with certain addresses must be rejected before inclusion.
The implementation follows the existing arbTxFilter pattern in ArbitrumExtraData, adding a touchedAddresses map that collects addresses during execution. Three methods are added to the StateDB interface: AddTouchedAddress, GetTouchedAddresses, and ClearTouchedAddresses. The collection is automatically cleared at transaction boundaries via SetTxContext.
SELFDESTRUCT is handled by adding the SELFDESTRUCT beneficiary to touched addresses. The beneficiary address is captured in opSelfdestruct and opSelfdestruct6780.
pulled in by OffchainLabs/nitro#4157
fixes: NIT-4221