feat(host-rpc): add RpcAliasOracle with shared positive-result cache (#114)

prestwich · claude · web-flow · commit e58c6568084a · 2026-03-23T20:15:06.000Z
* chore(host-rpc): add signet-block-processor and eyre dependencies

* feat(host-rpc): add RpcAliasOracle and RpcAliasOracleFactory

* refactor(host-rpc): collapse oracle types and add positive-result cache

Merge RpcAliasOracle and RpcAliasOracleFactory into a single
RpcAliasOracle type that implements both traits. Add a shared
Arc&lt;RwLock&lt;HashSet&gt;&gt; cache for positive results — once an address
is confirmed as a non-delegation contract, subsequent lookups
return immediately without an RPC call.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;

* fix(host-rpc): address review feedback on RpcAliasOracle

- Validate exact 23-byte length for EIP-7702 delegation detection
- Add #[instrument] span on should_alias with debug events
- Document std::sync::RwLock safety invariant (guards dropped before .await)
- Extract should_alias_bytecode for testability, add 6 unit tests

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;

---------

Co-authored-by: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/crates/host-rpc/Cargo.toml b/crates/host-rpc/Cargo.toml
@@ -10,11 +10,13 @@ homepage.workspace = true
 repository.workspace = true
 
 [dependencies]
+signet-block-processor.workspace = true
 signet-node-types.workspace = true
 signet-extract.workspace = true
 signet-types.workspace = true
 
 alloy.workspace = true
+eyre.workspace = true
 init4-bin-base.workspace = true
 futures-util.workspace = true
 metrics.workspace = true
diff --git a/crates/host-rpc/src/alias.rs b/crates/host-rpc/src/alias.rs
@@ -0,0 +1,139 @@
+use alloy::{
+    eips::eip7702::constants::EIP7702_DELEGATION_DESIGNATOR,
+    primitives::{Address, map::HashSet},
+    providers::Provider,
+};
+use signet_block_processor::{AliasOracle, AliasOracleFactory};
+use std::sync::{Arc, RwLock};
+use tracing::{debug, instrument};
+
+/// EIP-7702 delegation bytecode is exactly 23 bytes: 3-byte designator +
+/// 20-byte address.
+const EIP7702_DELEGATION_LEN: usize = 23;
+
+/// An RPC-backed [`AliasOracle`] and [`AliasOracleFactory`].
+///
+/// Checks whether an address has non-delegation bytecode by fetching the
+/// code at the address via `eth_getCode`. Addresses with no code or with
+/// EIP-7702 delegation code are not aliased; addresses with any other
+/// bytecode are.
+///
+/// Positive results (address is a contract) are cached in a shared set.
+/// Contract status is permanent — an address cannot stop being a
+/// contract — so cached positives never go stale. All clones (including
+/// those produced by [`AliasOracleFactory::create`]) share the same
+/// cache.
+///
+/// Querying at `latest` is safe because alias status is stable across
+/// blocks: an EOA cannot become a non-delegation contract without a
+/// birthday attack (c.f. EIP-3607), and EIP-7702 delegations are
+/// excluded by the delegation designator check. Even in the
+/// (computationally infeasible ~2^80) birthday attack scenario, the
+/// result is a benign false-positive (over-aliasing), never a dangerous
+/// false-negative.
+#[derive(Debug, Clone)]
+pub struct RpcAliasOracle<P> {
+    provider: P,
+    /// Shared cache of addresses known to be non-delegation contracts.
+    cache: Arc<RwLock<HashSet<Address>>>,
+}
+
+impl<P> RpcAliasOracle<P> {
+    /// Create a new [`RpcAliasOracle`] from an alloy provider.
+    pub fn new(provider: P) -> Self {
+        Self { provider, cache: Arc::new(RwLock::new(HashSet::default())) }
+    }
+}
+
+/// Classify bytecode: returns `true` if the code belongs to a
+/// non-delegation contract that should be aliased.
+fn should_alias_bytecode(code: &[u8]) -> bool {
+    if code.is_empty() {
+        return false;
+    }
+    // EIP-7702 delegation: exactly 23 bytes starting with the designator.
+    if code.len() == EIP7702_DELEGATION_LEN && code.starts_with(&EIP7702_DELEGATION_DESIGNATOR) {
+        return false;
+    }
+    true
+}
+
+impl<P: Provider + Clone + 'static> AliasOracle for RpcAliasOracle<P> {
+    #[instrument(skip(self), fields(%address))]
+    async fn should_alias(&self, address: Address) -> eyre::Result<bool> {
+        // NOTE: `std::sync::RwLock` is safe here because guards are always
+        // dropped before the `.await` point. Do not hold a guard across the
+        // `get_code_at` call — it will deadlock on single-threaded runtimes.
+
+        // Check cache first — if we've seen this address as a contract, skip RPC.
+        if self.cache.read().expect("cache poisoned").contains(&address) {
+            debug!("cache hit");
+            return Ok(true);
+        }
+
+        let code = self.provider.get_code_at(address).await?;
+        let alias = should_alias_bytecode(&code);
+        debug!(code_len = code.len(), alias, "resolved");
+
+        if alias {
+            self.cache.write().expect("cache poisoned").insert(address);
+        }
+
+        Ok(alias)
+    }
+}
+
+impl<P: Provider + Clone + 'static> AliasOracleFactory for RpcAliasOracle<P> {
+    type Oracle = Self;
+
+    fn create(&self) -> eyre::Result<Self::Oracle> {
+        Ok(self.clone())
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use alloy::eips::eip7702::constants::EIP7702_CLEARED_DELEGATION;
+
+    #[test]
+    fn empty_code_is_not_aliased() {
+        assert!(!should_alias_bytecode(&[]));
+    }
+
+    #[test]
+    fn valid_delegation_is_not_aliased() {
+        // 3-byte designator + 20-byte address = 23 bytes
+        let mut delegation = [0u8; 23];
+        delegation[..3].copy_from_slice(&EIP7702_DELEGATION_DESIGNATOR);
+        delegation[3..].copy_from_slice(&[0xAB; 20]);
+        assert!(!should_alias_bytecode(&delegation));
+    }
+
+    #[test]
+    fn cleared_delegation_is_not_aliased() {
+        assert!(!should_alias_bytecode(&EIP7702_CLEARED_DELEGATION));
+    }
+
+    #[test]
+    fn contract_bytecode_is_aliased() {
+        // Typical contract: starts with PUSH, not 0xef
+        assert!(should_alias_bytecode(&[0x60, 0x80, 0x60, 0x40, 0x52]));
+    }
+
+    #[test]
+    fn short_ef_prefix_is_aliased() {
+        // Only 3 bytes starting with the designator — not a valid 23-byte
+        // delegation, so it should be treated as a contract.
+        assert!(should_alias_bytecode(&EIP7702_DELEGATION_DESIGNATOR));
+    }
+
+    #[test]
+    fn long_ef_prefix_is_aliased() {
+        // 24 bytes starting with the designator — too long to be a
+        // delegation, so it should be treated as a contract.
+        let mut long = [0u8; 24];
+        long[..3].copy_from_slice(&EIP7702_DELEGATION_DESIGNATOR);
+        assert!(should_alias_bytecode(&long));
+    }
+}
diff --git a/crates/host-rpc/src/lib.rs b/crates/host-rpc/src/lib.rs
@@ -31,3 +31,6 @@ pub use notifier::RpcHostNotifier;
 mod segment;
 pub use segment::{RpcBlock, RpcChainSegment};
 mod metrics;
+
+mod alias;
+pub use alias::RpcAliasOracle;
