fix: make CheckAccessList sender parameter optional for backward compat

karlfloersch · claude · karlfloersch · commit b136257eb3a7 · 2026-03-27T17:04:30.000-04:00
op-geth (v1.101701.0-rc.3) calls supervisor_checkAccessList with 3 args
but the sender allow-listing PR changed the RPC to require 4. This
parameter count mismatch caused ALL interop transactions to be filtered,
breaking the TestInteropBlockBuilding/with_mempool_filtering e2e test.

Change sender from common.Address to *common.Address, which makes it
optional in go-ethereum's RPC framework. Old callers (op-geth) omit the
sender and get nil; new callers (op-reth) pass it explicitly.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/op-acceptance-tests/tests/interop/upgrade/pre_test.go b/op-acceptance-tests/tests/interop/upgrade/pre_test.go
@@ -105,7 +105,7 @@ func TestPreNoInbox(gt *testing.T) {
 		accessEntries := []stypes.Access{execTrigger.Msg.Access()}
 		accessList := stypes.EncodeAccessList(accessEntries)
 
-		err = sys.Supervisor.Escape().QueryAPI().CheckAccessList(ctx, accessList, stypes.CrossSafe, ed, common.Address{})
+		err = sys.Supervisor.Escape().QueryAPI().CheckAccessList(ctx, accessList, stypes.CrossSafe, ed, nil)
 		require.ErrorContains(err, "conflicting data")
 	}
 
diff --git a/op-e2e/interop/interop_test.go b/op-e2e/interop/interop_test.go
@@ -237,13 +237,13 @@ func TestInterop_EmitLogs(t *testing.T) {
 		timestamp := uint64(time.Now().Unix())
 		ed := types.ExecutingDescriptor{Timestamp: timestamp, ChainID: eth.ChainIDFromBig(s2.ChainID(chainB))}
 		ctx = context.Background()
-		err = supervisor.CheckAccessList(ctx, accessList, types.CrossSafe, ed, common.Address{})
+		err = supervisor.CheckAccessList(ctx, accessList, types.CrossSafe, ed, nil)
 		require.NoError(t, err, "logsA must all be cross-safe")
 
 		// a log should be invalid if the timestamp is incorrect
 		accessEntries[0].Timestamp = 333
 		accessList = types.EncodeAccessList(accessEntries)
-		err = supervisor.CheckAccessList(ctx, accessList, types.CrossSafe, ed, common.Address{})
+		err = supervisor.CheckAccessList(ctx, accessList, types.CrossSafe, ed, nil)
 		require.ErrorContains(t, err, "conflict")
 	}
 	config := SuperSystemConfig{
diff --git a/op-interop-filter/filter/backend.go b/op-interop-filter/filter/backend.go
@@ -139,7 +139,7 @@ func supportedSafetyLevel(level types.SafetyLevel) bool {
 
 // CheckAccessList validates the given access list entries.
 func (b *Backend) CheckAccessList(ctx context.Context, inboxEntries []common.Hash,
-	minSafety types.SafetyLevel, execDescriptor types.ExecutingDescriptor, sender common.Address) error {
+	minSafety types.SafetyLevel, execDescriptor types.ExecutingDescriptor, sender *common.Address) error {
 
 	if b.passthrough {
 		b.metrics.RecordCheckAccessList(true)
@@ -167,8 +167,12 @@ func (b *Backend) CheckAccessList(ctx context.Context, inboxEntries []common.Has
 		return fmt.Errorf("executing chain %s: %w", execDescriptor.ChainID, types.ErrUnknownChain)
 	}
 
-	if !b.senderPolicy.Allows(sender) {
-		b.log.Debug("Rejecting interop tx from unauthorized sender", "sender", sender)
+	senderAddr := common.Address{}
+	if sender != nil {
+		senderAddr = *sender
+	}
+	if !b.senderPolicy.Allows(senderAddr) {
+		b.log.Debug("Rejecting interop tx from unauthorized sender", "sender", senderAddr)
 		b.metrics.RecordCheckAccessList(false)
 		return fmt.Errorf("%w: %s", types.ErrUnauthorizedSender, sender)
 	}
diff --git a/op-interop-filter/filter/backend_test.go b/op-interop-filter/filter/backend_test.go
@@ -204,29 +204,29 @@ func TestBackend_CheckAccessList(t *testing.T) {
 	// Failsafe enabled returns error
 	backend, _ := newTestBackendWithMockChain(testChainA)
 	backend.SetFailsafeEnabled(true)
-	err := backend.CheckAccessList(context.Background(), nil, types.LocalUnsafe, makeExecDescriptor(testChainA, 100, 0), testAllowedSender)
+	err := backend.CheckAccessList(context.Background(), nil, types.LocalUnsafe, makeExecDescriptor(testChainA, 100, 0), &testAllowedSender)
 	require.ErrorIs(t, err, types.ErrFailsafeEnabled)
 
 	// Not ready returns error
 	backend = newTestBackend() // No chains = not ready
-	err = backend.CheckAccessList(context.Background(), nil, types.LocalUnsafe, makeExecDescriptor(testChainA, 100, 0), testAllowedSender)
+	err = backend.CheckAccessList(context.Background(), nil, types.LocalUnsafe, makeExecDescriptor(testChainA, 100, 0), &testAllowedSender)
 	require.ErrorIs(t, err, types.ErrUninitialized)
 
 	// Unsupported safety level returns error
 	backend, mock := newTestBackendWithMockChain(testChainA)
 	mock.SetReady(true)
-	err = backend.CheckAccessList(context.Background(), nil, types.Finalized, makeExecDescriptor(testChainA, 100, 0), testAllowedSender)
+	err = backend.CheckAccessList(context.Background(), nil, types.Finalized, makeExecDescriptor(testChainA, 100, 0), &testAllowedSender)
 	require.Error(t, err)
 	require.Contains(t, err.Error(), "unsupported safety level")
 
 	// Unknown executing chain returns error
 	mock.SetLatestTimestamp(200)
 	unknownChainID := uint64(999)
-	err = backend.CheckAccessList(context.Background(), nil, types.LocalUnsafe, makeExecDescriptor(unknownChainID, 150, 0), testAllowedSender)
+	err = backend.CheckAccessList(context.Background(), nil, types.LocalUnsafe, makeExecDescriptor(unknownChainID, 150, 0), &testAllowedSender)
 	require.ErrorIs(t, err, types.ErrUnknownChain)
 
 	// LocalUnsafe with empty access list passes
-	err = backend.CheckAccessList(context.Background(), nil, types.LocalUnsafe, makeExecDescriptor(testChainA, 150, 0), testAllowedSender)
+	err = backend.CheckAccessList(context.Background(), nil, types.LocalUnsafe, makeExecDescriptor(testChainA, 150, 0), &testAllowedSender)
 	require.NoError(t, err)
 }
 
@@ -236,7 +236,7 @@ func TestBackend_CheckAccessList_RejectsUnauthorizedSender(t *testing.T) {
 	mock.SetLatestTimestamp(200)
 	backend.senderPolicy = mustParseTestSenderPolicy(t, common.HexToAddress("0x9999999999999999999999999999999999999999").Hex())
 
-	err := backend.CheckAccessList(context.Background(), nil, types.LocalUnsafe, makeExecDescriptor(testChainA, 150, 0), testAllowedSender)
+	err := backend.CheckAccessList(context.Background(), nil, types.LocalUnsafe, makeExecDescriptor(testChainA, 150, 0), &testAllowedSender)
 	require.ErrorIs(t, err, types.ErrUnauthorizedSender)
 }
 
@@ -246,7 +246,7 @@ func TestBackend_CheckAccessList_AllowsConfiguredSender(t *testing.T) {
 	mock.SetLatestTimestamp(200)
 	backend.senderPolicy = mustParseTestSenderPolicy(t, testAllowedSender.Hex())
 
-	err := backend.CheckAccessList(context.Background(), nil, types.LocalUnsafe, makeExecDescriptor(testChainA, 150, 0), testAllowedSender)
+	err := backend.CheckAccessList(context.Background(), nil, types.LocalUnsafe, makeExecDescriptor(testChainA, 150, 0), &testAllowedSender)
 	require.NoError(t, err)
 }
 
@@ -256,6 +256,7 @@ func TestBackend_CheckAccessList_AllowsWildcardSenderPolicy(t *testing.T) {
 	mock.SetLatestTimestamp(200)
 	backend.senderPolicy = mustParseTestSenderPolicy(t, "*")
 
-	err := backend.CheckAccessList(context.Background(), nil, types.LocalUnsafe, makeExecDescriptor(testChainA, 150, 0), common.HexToAddress("0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"))
+	anySender := common.HexToAddress("0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")
+	err := backend.CheckAccessList(context.Background(), nil, types.LocalUnsafe, makeExecDescriptor(testChainA, 150, 0), &anySender)
 	require.NoError(t, err)
 }
diff --git a/op-interop-filter/filter/frontend.go b/op-interop-filter/filter/frontend.go
@@ -18,7 +18,7 @@ type QueryFrontend struct {
 
 // CheckAccessList validates interop executing messages
 func (f *QueryFrontend) CheckAccessList(ctx context.Context, inboxEntries []common.Hash,
-	minSafety types.SafetyLevel, executingDescriptor types.ExecutingDescriptor, sender common.Address) error {
+	minSafety types.SafetyLevel, executingDescriptor types.ExecutingDescriptor, sender *common.Address) error {
 
 	err := f.backend.CheckAccessList(ctx, inboxEntries, minSafety, executingDescriptor, sender)
 	if err != nil {
diff --git a/op-service/apis/supervisor.go b/op-service/apis/supervisor.go
@@ -26,7 +26,7 @@ type SupervisorAdminAPI interface {
 
 type SupervisorQueryAPI interface {
 	CheckAccessList(ctx context.Context, inboxEntries []common.Hash,
-		minSafety types.SafetyLevel, executingDescriptor types.ExecutingDescriptor, sender common.Address) error
+		minSafety types.SafetyLevel, executingDescriptor types.ExecutingDescriptor, sender *common.Address) error
 	CrossDerivedToSource(ctx context.Context, chainID eth.ChainID, derived eth.BlockID) (derivedFrom eth.BlockRef, err error)
 	LocalUnsafe(ctx context.Context, chainID eth.ChainID) (eth.BlockID, error)
 	LocalSafe(ctx context.Context, chainID eth.ChainID) (result types.DerivedIDPair, err error)
diff --git a/op-service/sources/supervisor_client.go b/op-service/sources/supervisor_client.go
@@ -74,7 +74,7 @@ func (cl *SupervisorClient) GetFailsafeEnabled(ctx context.Context) (bool, error
 }
 
 func (cl *SupervisorClient) CheckAccessList(ctx context.Context, inboxEntries []common.Hash,
-	minSafety types.SafetyLevel, executingDescriptor types.ExecutingDescriptor, sender common.Address) error {
+	minSafety types.SafetyLevel, executingDescriptor types.ExecutingDescriptor, sender *common.Address) error {
 	return cl.client.CallContext(ctx, nil, "supervisor_checkAccessList", inboxEntries, minSafety, executingDescriptor, sender)
 }
 
diff --git a/op-supervisor/supervisor/backend/backend.go b/op-supervisor/supervisor/backend/backend.go
@@ -567,7 +567,7 @@ func (su *SupervisorBackend) checkSafety(chainID eth.ChainID, blockID eth.BlockI
 }
 
 func (su *SupervisorBackend) CheckAccessList(ctx context.Context, inboxEntries []common.Hash,
-	minSafety types.SafetyLevel, execDescr types.ExecutingDescriptor, sender common.Address) error {
+	minSafety types.SafetyLevel, execDescr types.ExecutingDescriptor, sender *common.Address) error {
 	_ = sender
 	// Check if failsafe is enabled
 	if su.isFailsafeEnabled() {
diff --git a/op-supervisor/supervisor/backend/backend_test.go b/op-supervisor/supervisor/backend/backend_test.go
@@ -631,7 +631,7 @@ func TestFailsafeEnabled(t *testing.T) {
 	require.False(t, enabled, "failsafe should be disabled by default")
 
 	// Test that CheckAccessList works normally in initial state
-	err = b.CheckAccessList(context.Background(), []common.Hash{}, types.LocalUnsafe, types.ExecutingDescriptor{}, common.Address{})
+	err = b.CheckAccessList(context.Background(), []common.Hash{}, types.LocalUnsafe, types.ExecutingDescriptor{}, nil)
 	require.NoError(t, err, "CheckAccessList should work normally when failsafe is disabled")
 
 	// Test setting failsafe to true
@@ -642,7 +642,7 @@ func TestFailsafeEnabled(t *testing.T) {
 	require.True(t, enabled, "failsafe should be enabled after setting to true")
 
 	// Test that CheckAccessList returns ErrFailsafeEnabled when failsafe is enabled
-	err = b.CheckAccessList(context.Background(), []common.Hash{}, types.LocalUnsafe, types.ExecutingDescriptor{}, common.Address{})
+	err = b.CheckAccessList(context.Background(), []common.Hash{}, types.LocalUnsafe, types.ExecutingDescriptor{}, nil)
 	require.ErrorIs(t, err, types.ErrFailsafeEnabled, "CheckAccessList should return ErrFailsafeEnabled when failsafe is enabled")
 
 	// Test setting failsafe to false
@@ -653,7 +653,7 @@ func TestFailsafeEnabled(t *testing.T) {
 	require.False(t, enabled, "failsafe should be disabled after setting to false")
 
 	// Test that CheckAccessList works normally when failsafe is disabled
-	err = b.CheckAccessList(context.Background(), []common.Hash{}, types.LocalUnsafe, types.ExecutingDescriptor{}, common.Address{})
+	err = b.CheckAccessList(context.Background(), []common.Hash{}, types.LocalUnsafe, types.ExecutingDescriptor{}, nil)
 	require.NoError(t, err, "CheckAccessList should work normally when failsafe is disabled")
 }
 
diff --git a/op-supervisor/supervisor/backend/mock.go b/op-supervisor/supervisor/backend/mock.go
@@ -47,7 +47,7 @@ func (m *MockBackend) AddL2RPC(ctx context.Context, rpc string, jwtSecret eth.By
 }
 
 func (m *MockBackend) CheckAccessList(ctx context.Context, inboxEntries []common.Hash,
-	minSafety types.SafetyLevel, executingDescriptor types.ExecutingDescriptor, sender common.Address) error {
+	minSafety types.SafetyLevel, executingDescriptor types.ExecutingDescriptor, sender *common.Address) error {
 	_ = sender
 	return nil
 }
diff --git a/op-supervisor/supervisor/frontend/frontend.go b/op-supervisor/supervisor/frontend/frontend.go
@@ -24,7 +24,7 @@ type QueryFrontend struct {
 var _ apis.SupervisorQueryAPI = (*QueryFrontend)(nil)
 
 func (q *QueryFrontend) CheckAccessList(ctx context.Context, inboxEntries []common.Hash,
-	minSafety types.SafetyLevel, executingDescriptor types.ExecutingDescriptor, sender common.Address) error {
+	minSafety types.SafetyLevel, executingDescriptor types.ExecutingDescriptor, sender *common.Address) error {
 	err := q.Supervisor.CheckAccessList(ctx, inboxEntries, minSafety, executingDescriptor, sender)
 	if err != nil {
 		return &rpc.JsonError{
diff --git a/rust/kona/tests/supervisor/pre_interop/pre_test.go b/rust/kona/tests/supervisor/pre_interop/pre_test.go
@@ -101,7 +101,7 @@ func TestPreNoInbox(gt *testing.T) {
 		accessEntries := []stypes.Access{execTrigger.Msg.Access()}
 		accessList := stypes.EncodeAccessList(accessEntries)
 
-		err = sys.Supervisor.Escape().QueryAPI().CheckAccessList(ctx, accessList, stypes.CrossSafe, ed, common.Address{})
+		err = sys.Supervisor.Escape().QueryAPI().CheckAccessList(ctx, accessList, stypes.CrossSafe, ed, nil)
 		require.ErrorContains(err, "conflicting data")
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -105,7 +105,7 @@ func TestPreNoInbox(gt *testing.T) {`
`105`	`105`	`accessEntries := []stypes.Access{execTrigger.Msg.Access()}`
`106`	`106`	`accessList := stypes.EncodeAccessList(accessEntries)`
`107`	`107`
`108`		`- err = sys.Supervisor.Escape().QueryAPI().CheckAccessList(ctx, accessList, stypes.CrossSafe, ed, common.Address{})`
	`108`	`+ err = sys.Supervisor.Escape().QueryAPI().CheckAccessList(ctx, accessList, stypes.CrossSafe, ed, nil)`
`109`	`109`	`require.ErrorContains(err, "conflicting data")`
`110`	`110`	`}`
`111`	`111`
Original file line number	Diff line number	Diff line change
`@@ -74,7 +74,7 @@ func (cl *SupervisorClient) GetFailsafeEnabled(ctx context.Context) (bool, error`
`74`	`74`	`}`
`75`	`75`
`76`	`76`	`func (cl *SupervisorClient) CheckAccessList(ctx context.Context, inboxEntries []common.Hash,`
`77`		`- minSafety types.SafetyLevel, executingDescriptor types.ExecutingDescriptor, sender common.Address) error {`
	`77`	`+ minSafety types.SafetyLevel, executingDescriptor types.ExecutingDescriptor, sender *common.Address) error {`
`78`	`78`	`return cl.client.CallContext(ctx, nil, "supervisor_checkAccessList", inboxEntries, minSafety, executingDescriptor, sender)`
`79`	`79`	`}`
`80`	`80`
Original file line number	Diff line number	Diff line change
`@@ -567,7 +567,7 @@ func (su *SupervisorBackend) checkSafety(chainID eth.ChainID, blockID eth.BlockI`
`567`	`567`	`}`
`568`	`568`
`569`	`569`	`func (su *SupervisorBackend) CheckAccessList(ctx context.Context, inboxEntries []common.Hash,`
`570`		`- minSafety types.SafetyLevel, execDescr types.ExecutingDescriptor, sender common.Address) error {`
	`570`	`+ minSafety types.SafetyLevel, execDescr types.ExecutingDescriptor, sender *common.Address) error {`
`571`	`571`	`_ = sender`
`572`	`572`	`// Check if failsafe is enabled`
`573`	`573`	`if su.isFailsafeEnabled() {`
Original file line number	Diff line number	Diff line change
`@@ -47,7 +47,7 @@ func (m *MockBackend) AddL2RPC(ctx context.Context, rpc string, jwtSecret eth.By`
`47`	`47`	`}`
`48`	`48`
`49`	`49`	`func (m *MockBackend) CheckAccessList(ctx context.Context, inboxEntries []common.Hash,`
`50`		`- minSafety types.SafetyLevel, executingDescriptor types.ExecutingDescriptor, sender common.Address) error {`
	`50`	`+ minSafety types.SafetyLevel, executingDescriptor types.ExecutingDescriptor, sender *common.Address) error {`
`51`	`51`	`_ = sender`
`52`	`52`	`return nil`
`53`	`53`	`}`