New opcode: STATICCALL #214
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,48 @@ | ||
| ## Preamble | ||
|
|
||
| EIP: 214 | ||
| Title: New opcode STATICCALL | ||
| Author: Vitalik Buterin <[email protected]>, Christian Reitwiessner <[email protected]>; | ||
| Type: Standard Track | ||
| Category: Core | ||
| Status: Draft | ||
| Created: 2017-02-13 | ||
|
|
||
| ## Simple Summary | ||
|
|
||
| To increase smart contract security, this proposal adds a new opcode that can be used to call another contract (or itself) while disallowing any modifications to the state during the call (and its subcalls, if present). | ||
|
|
||
| ## Abstract | ||
|
|
||
| This proposal adds a new opcode that can be used to call another contract (or itself) while disallowing any modifications to the state during the call (and its subcalls, if present). Any opcode that attempts to perform such a modification (see below for details) will result in an exception instead of performing the modification. | ||
|
|
||
| ## Motivation | ||
|
|
||
| Currently, there is no restriction about what a called contract can do, as long as the computation can be performed with the amount of gas provided. This poses certain difficulties about smart contract engineers: After a regular call, unless you know the called contract, you cannot make any assumptions about the state of the contracts. Furthermore, because you cannot know the order of transactions before they are confirmed by miners, not even an outside observer can be sure about that in all cases. | ||
|
|
||
| This EIP adds a way to call other contracts and restrict what they can do in the simplest way. It can be safely assumed that the state of all contracts is the same before and after a static call. | ||
|
|
||
| ## Specification | ||
|
|
||
| Introduce a new `STATIC` flag to the virtual machine. This flag is set to `false` initially. Its value is always copied to sub-calls with an exception for the new opcode below. | ||
|
|
||
| Opcode: `0xfa`. | ||
|
There was a problem hiding this comment. Why not There was a problem hiding this comment. I just took that from some draft, I'm fine with any other value. There was a problem hiding this comment. I think we will be better off choosing random opcodes. If we try to avoid gaps, we need to sort EIPs in a linear ordering, and more communication is needed. On the other hand, if we allow gaps, no communication is necessary unless there is a collision (or, when one party notices a collision, they can simply change the opcode, so maybe no communicaiton is necessary). There was a problem hiding this comment. That is true, though I do not feel it is a valid concern currently, since only one CALL opcode is being added in Byzantium. (The other opcodes, revert, returndata* are sorted out). There was a problem hiding this comment. Does this now stay at There was a problem hiding this comment. @holgerd77 https://github.com/ethereum/EIPs/pull/214/files#diff-337cc39e057923ec63cd647f0acfb835R31 might answer your questions. |
||
|
|
||
| `STATICCALL` functions equivalently to a `CALL`, except it takes 6 arguments not including value, and calls the child with the `STATIC` flag set to `true` for the execution of the child. Once this call returns, the flag is reset to its value before the call. | ||
|
There was a problem hiding this comment. One phrase is missing: Of the 7 arguments of There was a problem hiding this comment. Right, this sentence is really bad ;-) There was a problem hiding this comment. I.e.: There was a problem hiding this comment. Ah right and that value is taken to be zero. Perhaps you just meant that? There was a problem hiding this comment. That sentence is necessary to exclude the |
||
|
|
||
| Any attempts to make state-changing operations inside an execution instance with `STATIC` set to `true` will instead throw an exception. These operations include `CREATE`, `CREATE2`, `LOG1`, `LOG2`, `LOG3`, `LOG4`, `SSTORE`, and `SELFDESTRUCT`. They also include `CALL` with a non-zero value. As an exception, `CALLCODE` is not considered state-changing, even with a non-zero value. | ||
|
There was a problem hiding this comment. Shouldn't this also mention that future state changing instructions are included in this list or do we plan to either:
There was a problem hiding this comment.
There was a problem hiding this comment. Yes, Logs are recorded permanently on the chain, and dApps watch for logs. When dApps find logs, they assume something has happened. There was a problem hiding this comment. The main reason for logs being in this list is because there is another EIP that proposes to store logs in the storage of a certain system contract. |
||
|
|
||
| ## Rationale | ||
|
|
||
| This allows contracts to make calls that are clearly non-state-changing, reassuring developers and reviewers that re-entrancy bugs or other problems cannot possibly arise from that particular call; it is a pure function that returns an output and does nothing else. This may also make purely functional HLLs easier to implement. | ||
|
There was a problem hiding this comment. I guess HLL stands for "Haskell-like languages", but maybe not. There was a problem hiding this comment. My guess is that it stands for just "high level language". |
||
|
|
||
| ## Backwards Compatibility | ||
|
|
||
| This proposal adds a new opcode but does not modify the behaviour of other opcodes and thus is backwards compatible for old contracts that do not use the new opcode and are not called via the new opcode. | ||
|
|
||
| ## Test Cases | ||
|
|
||
| To be written. | ||
|
|
||
| ## Implementation | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't this be filled with something?