-
Notifications
You must be signed in to change notification settings - Fork 5.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update EIP-7702: Prohibit nonce-changing opcodes #8538
base: master
Are you sure you want to change the base?
Conversation
File
|
@@ -57,7 +57,7 @@ At the start of executing the transaction, for each `[contract_code, y_parity, r | |||
2. Verify that the contract code of `signer` is empty. | |||
3. Set the contract code of `signer` to `contract_code`. | |||
|
|||
At the end of the transaction, set the `contract_code` of each `signer` back to empty. | |||
At the end of the transaction, set the `contract_code` of each `signer` back to empty. Any storage set for the `signer` must also be cleared. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd say not cleared, but prevent SSTORE in the first place. Otherwise it might have unintended consequences to code that assumes the SSTORE was not implicitly a TSTORE. See my Safe example in the EM thread.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Resharing my comment from the 7702 eip... Not so sure about the invariant because a contract that sets storage at initialization but also returns 0 bytes at initialization has no bytecode but has > 0 storage slots set. E.g
Returns no runtime code but definitely has something at storage slot 0 which if read via an rpc returns 0x01 |
Rational for this change is explained in the PR, but might deserve some discussion. All these are a transposition of a discussion that already happened on EIP-5806 (alghouth without all the attention/participation that EIP-7702 is getting today)
Restricting nonce-changing operation
Then Alice's nonce would increase, and the "normal" transaction would no longer be valid. This could DoS Alice's ability to use her EOA. It would also mess up with the mempool. Therefore, I strongly believe that these opcode MUST be restrited.
Restricting SSTORE
EDIT: The SSTORE part is the subject of #8539, no longer in this PR.
I understand people want to use SSTORE. I'm one of them, and I was very reluctant to add this restriction to EIP-5806. However, there is an invariant formulated somewhere (maybe @gballet can find the refenrence) that accounts without code SHOULD NOT have storage slot set. I believe this has to do with the transition to Verkle, or with safety assumption if permanent code is ever placed at this address. This restriction was recognised during the AA breakout session n°2.
I guess the proposed behavior is similar to what happens today if you use SSTORE in a contract that is selfdestructed within its construction transaction.
If you need persistent storage, you can use a third party contract that holds it for you