Add EIP: EOF - EXTCODEADDRESS instruction #9342
Conversation
Add an instruction to EOF that reads code delegation designations from the account without requiring code introspection.
github-actions
bot
added
c-new
File
|
eth-bot
added
e-consensus
|
The commit 8c86b82 (as a parent of c6b3f75) contains errors. |
EIPS/eip-7880.md
Outdated
|
|
||
| | Constant | Value | | ||
| |---------------------------|--------------------------------------------------------------------| | ||
| | `FORK_BLKNUM` | tbd | |
There was a problem hiding this comment.
Forks are done based on timestamp rather than block number
There was a problem hiding this comment.
also we don't now mention a block num/timestamp constant which would need to be updated. we can say on activation of this EIP if this is just a standard timestamp hf activation, else just refer to FORK_TIMESTAMP if needed for a fork boundary logic
There was a problem hiding this comment.
Good catch. On deeper reflection referring to a specific activation block or timestamp is also not quite right, we should be referenceing the block the fork is activated, which will be different on mainnet, devnets, and L2s.
Reworded it to reference fork activation, agnostic of how it is activagted.
|
|
||
| Add an instruction to EOF that reads code delegation designations from an account without requiring code introspection. | ||
|
|
||
| ## Motivation |
There was a problem hiding this comment.
To me, the motivation skips the case, out of which the entire premise of delegation introspection came about: https://hackmd.io/@otim/H1Q7yCHDyl#Why-is-%E2%80%9Cdelegation-introspection%E2%80%9D-useful . Without EXTCODEADDRESS, when an untrusted 7702 address is called, that call can be frontrun with a SetCode tx making it point to a different, malicious implementation.
| - Notice: if [EIP-7702] delegation designations are updated in a future fork (such as allowing chained delegations), then this section is expected to comply with any such hypothetical changes. | ||
| - Otherwise, push `target_adress` onto the stack. | ||
|
|
||
| Note: If `target_address` or the delegation designator points to an account with a contract mid-creation then the code is empty and returns `0` (`TYPE_NONE`). This is aligned with similar behavior of instructions like `EXTCODESIZE`. |
There was a problem hiding this comment.
should it also be added in form of a note, that EXTCODEADDRESS belongs (somewhat awkwardly) to the group of code executing instructions, in the language of 7702
There was a problem hiding this comment.
I don't think it's necessary, and would be awkward indeed
| status: Draft | ||
| type: Standards Track | ||
| category: Core | ||
| created: 2024-09-01 |
There was a problem hiding this comment.
| created: 2024-09-01 | |
| created: 2025-02-08 |
| - Notice: Future expansion of the EVM address space may enlarge the number of valid addresses. Do not rely on this step always halting with the current restrictions. | ||
| - deduct `GAS_COLD_ACCOUNT_ACCESS - GAS_WARM_ACCESS` if `target_address` is not in `accessed_addresses` and add `target_address` to `accessed_addresses` | ||
| - Load the code from `target_address` and refer to it as `loaded_code` | ||
| - If `loaded_code` indicates a delegation designator (for example, `0xef0100` as defined in [EIP-7702]) push the address of the designation onto the stack. |
There was a problem hiding this comment.
| - If `loaded_code` indicates a delegation designator (for example, `0xef0100` as defined in [EIP-7702]) push the address of the designation onto the stack. | |
| - If `loaded_code` indicates a delegation designator (for example, prefixed with `0xef0100` as defined in [EIP-7702]) push the address of the designation onto the stack. |
| - Notice: if [EIP-7702] delegation designations are updated in a future fork (such as allowing chained delegations), then this section is expected to comply with any such hypothetical changes. | ||
| - Otherwise, push `target_adress` onto the stack. | ||
|
|
||
| Note: If `target_address` or the delegation designator points to an account with a contract mid-creation then the code is empty and returns `0` (`TYPE_NONE`). This is aligned with similar behavior of instructions like `EXTCODESIZE`. |
There was a problem hiding this comment.
In case of delegation designator pointing to address mid-creation, it's true that EXTCODESIZE returns 0, but why would EXTCODEADDRESS do so? I think it should still return the delegate address.
| Note: If `target_address` or the delegation designator points to an account with a contract mid-creation then the code is empty and returns `0` (`TYPE_NONE`). This is aligned with similar behavior of instructions like `EXTCODESIZE`. | |
| Note: If `target_address` points to an account with a contract mid-creation then the code is empty and returns `0` (`TYPE_NONE`). This is aligned with similar behavior of instructions like `EXTCODESIZE`. |
There was a problem hiding this comment.
Good point, but I would even go further. If target_address points to an account with a contract mid-creation, it should return target_address, in line with the generic rule "Otherwise, push target_adress onto the stack." above.
I missed this on first read. EXTCODEADDRESS should by principle return the address which holds the code which would execute if target_address was CALLed, regardless of what that code is.
There was a problem hiding this comment.
EXTCODEADDRESS should by principle return the address which holds the code which would execute if target_address was CALLed, regardless of what that code is.
If it is called when delegate is mid-creation, empty code is executed, right? not the delegation designator interpreted as code.
There was a problem hiding this comment.
right, but we're returning the address of that empty code, not the empty code. I'd say that mid-creationness should have nothing to do here, and this Note could be removed.
There was a problem hiding this comment.
right, but we're returning the address of that empty code, not the empty code.
This confused me, but my logic is:
EXTCODEADDRESS(target)wheretargethas regular code, returnstargetbecauseCALL(target)executestarget.codeEXTCODEADDRESS(target)wheretargethas delegation designator, returnsdelegate_addressbecauseCALL(target)executesdelegate_address.codeEXTCODEADDRESS(target)wheretargethas delegation designator, butdelegate_addressis mid-creation, returnsdelegate_addressbecauseCALL(target)executesdelegate_address.code(empty code), and nottarget.code(delegation designator)
There was a problem hiding this comment.
Good point, but I would even go further. If target_address points to an account with a contract mid-creation, it should return target_address
Ah yes, this I misdunderstood on the first read, actually I think I agree, so but I would keep the note about it to be explicit.target_address should be returned in both these cases,
There was a problem hiding this comment.
| Note: If `target_address` or the delegation designator points to an account with a contract mid-creation then the code is empty and returns `0` (`TYPE_NONE`). This is aligned with similar behavior of instructions like `EXTCODESIZE`. | |
| Note: If `target_address` points to an account with a contract mid-creation, then `target_address` is returned. If delegation designator points to an account with a contract mid-creation, then address of the designation is returned. |
There was a problem hiding this comment.
target_addressshould be returned in both these cases, but I would keep the note about it to be explicit.
Wait, no :). Your above 3 points seem correct to me, but not this (assuming you're referring to the original two cases in the Note). The mid-creation cases should just follow the general logic specced above (and to not confuse, we'd better remove the Note):
So:
EXTCODEADDRESS(target)wheretargethas delegation designator, butdelegate_addressis mid-creation, returnsdelegate_address, just like ifdelegate_addressheld empty code, code or another delegation- otherwise
EXTCODEADDRESS(target)wheretargetis mid-creation, returnstarget, just like iftargetheld empty code or code
Mid-creationnes has no effect, the only branch of the logic is on whether target.code has delegation designator or not.
There was a problem hiding this comment.
Yea, your second suggested change looks ok to me (I'd still at least add that being midcreation has no effect whatsoever, in addition to the scenarios you've given).
| [EIP-7702]: ./eip-7702.md | ||
| [EIP-7692]: ./eip-7692.md | ||
| [EIP-7761]: ./eip-7761.md | ||
| [Ethereum Execution Layer Spec Constants] :https://github.com/ethereum/execution-specs/blob/1adcc1bfe774798bcacc685aebc17bd9935078c3/src/ethereum/cancun/vm/gas.py#L65-L66 |
There was a problem hiding this comment.
| [Ethereum Execution Layer Spec Constants] :https://github.com/ethereum/execution-specs/blob/1adcc1bfe774798bcacc685aebc17bd9935078c3/src/ethereum/cancun/vm/gas.py#L65-L66 | |
| [Ethereum Execution Layer Spec Constants]: https://github.com/ethereum/execution-specs/blob/1adcc1bfe774798bcacc685aebc17bd9935078c3/src/ethereum/cancun/vm/gas.py#L65-L66 |
Add an instruction to EOF that reads code delegation designations from the account without requiring code introspection.