Skip to content
This repository was archived by the owner on Nov 15, 2023. It is now read-only.
This repository was archived by the owner on Nov 15, 2023. It is now read-only.

seal: Storage rent for code #6596

@athei

Description

@athei

Currently, no rent is collected for code that is stored on-chain. Only the state of the individual contracts is subject to rent payments. This is because code is deployed independently of a contract and can then be used by any contract without further costs. There is also no way (apart from governance) to remove code stored on the chain.

This opens up the chain to DoS because anyone can clutter the storage with code with only a one time cost that covers the computation costs of uploading the code.

For that reason, we propose that contracts should pay for the code they use. To incentives code sharing the costs are also shared between all users of a code blob. We change the rent formula that is calculated on contract access or claim_surcharge to:

rent = storage_rent + (code_size / num_code_users)

The costs for code storage converge against zero with more users using it. Due to integer arithmetic is reaches zero once num_code_users > code_size.

One issue is that the rent is not collected every block but only when the contract is accessed or claim_surcharge is called. The num_code_users can change in between blocks making the calculation inaccurate. However, we argue despite the inaccuracy we cannot come up with an attack that turns this into a DoS vector.

Steps that are necessary for implementation:

  • Count the number of users per code hash and delete the code hash once the counter reaches zero
  • The set_code dispatchable is replaced with instantiate_with_code because every code_hash needs at least one user. The seal_instantiate contract callable function stays untouched. Contracts cannot deploy code.
  • Change the rent formula of contracts to also account for the code size.

Metadata

Metadata

Assignees

No one assigned

    Labels

    I2-securityThe client fails to follow expected, security-sensitive, behaviour.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions