From a50bdd5fd3808954dcc869ab2f3c1298b168f277 Mon Sep 17 00:00:00 2001 From: Martin Holst Swende Date: Thu, 28 May 2020 13:23:08 +0200 Subject: [PATCH 1/6] EIP draft initcode cap --- EIPS/eip-draft_cap_initcode.md | 70 ++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 EIPS/eip-draft_cap_initcode.md diff --git a/EIPS/eip-draft_cap_initcode.md b/EIPS/eip-draft_cap_initcode.md new file mode 100644 index 00000000000000..81e6f398491122 --- /dev/null +++ b/EIPS/eip-draft_cap_initcode.md 
@@ -0,0 +1,70 @@ +--- +eip: +title: Limit size of `initcode` +author: Martin Holst Swende (@holiman), Pawel Bylica (@chfast), Alex Beregszazi (@axic) +discussions-to: +status: Draft +type: Core +created: 2020-05-18 +--- + +## Simple Summary + +Enforce a maximum size limit (`max_initcode_size`) of `49152` (`0x6000`) for `initcode`. + +## Abstract + +Enforce a maximum size limit (`max_initcode_size`) for `initcode`. If the size of `initcode` exceeds `max_initcode_size`, then contract creation fails with an out of gas error. + +Since [EIP 170](https://eips.ethereum.org/EIPS/eip-170) was implemented, there has been a size limit of `24576` (`0x6000`) on contract code. We propose to also limit the size of executable code to `2x` the above limit, i.e. `49152` (`0xc000`). + +This also leads to two nice properties: + +- instruction offset in code fits 16-bit value, +- code size fits 16-bit value. + +## Motivation + +When a client executes `initcode`, the client has to perform a jumpdest analysis. In some cases, the client also performs a `hash` of the code: + +* To use as a key in a mapping containing result of a jumpdest analysis +* To use for address calculation within `CREATE2`. + +The work performed during a jumpdest analysis scales linearly with the size of the code. Currently, a transaction can expand the memory once, and reuse the same memory segment (with minor modifications) to force the client to perform a lot of analysis/hashing, leading to slow block processing. + +Historically, this was exploited in June 2017, precipitating the 1.6.5-patch relase of [geth](https://github.com/ethereum/go-ethereum/releases/tag/v1.6.5) + +## Specification + +There are three situations where this is applicable: + +* `CREATE`, +* `CREATE2`, +* creation using a transaction with empty receiver. + +In all these (and future) cases, the EVM should fail with Out Of Gas error if the code has a length more than `max_initcode_size`. 
+ +## Rationale + + +## Backwards Compatibility + +This EIP requires a "network upgrade", since it modifies consenus-rules. + +## Security Considerations + +For client implementations, this EIP makes attacks based on jumpdest-analysis or hashing of code less problematic, so should increase the robustness of clients. + +For layer 2, this EIP introduces failure-modes where there previously were none. There _could_ exist factory-contracts which deploy multi-level contract hierarchies, such that the code for multiple contracts are included in the initcode of the first contract. The author(s) of this EIP are not aware of any such contracts. + +## Test Cases + +Test cases should include the following cases, + +- `CREATE`/`CREATE2`/`tx create` with `initcode_size` at `max_initcode_size` +- `CREATE`/`CREATE2`/`tx create` with `initcode_size` at `max_initcode_size+1` + +## Implementation + +## Copyright +Copyright and related rights waived via [CC0](https://creativecommons.org/publicdomain/zero/1.0/). From 66f6460f30f7a873987bf751d4a4704eb872af39 Mon Sep 17 00:00:00 2001 From: Martin Holst Swende Date: Thu, 28 May 2020 13:34:17 +0200 Subject: [PATCH 2/6] Update EIPS/eip-draft_cap_initcode.md Co-authored-by: Sina Mahmoodi <1591639+s1na@users.noreply.github.com> --- EIPS/eip-draft_cap_initcode.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/EIPS/eip-draft_cap_initcode.md b/EIPS/eip-draft_cap_initcode.md index 81e6f398491122..2945b00b1bfacb 100644 --- a/EIPS/eip-draft_cap_initcode.md +++ b/EIPS/eip-draft_cap_initcode.md @@ -10,7 +10,7 @@ created: 2020-05-18 ## Simple Summary -Enforce a maximum size limit (`max_initcode_size`) of `49152` (`0x6000`) for `initcode`. +Enforce a maximum size limit (`max_initcode_size`) of `49152` (`0xc000`) for `initcode`. ## Abstract From 07d834a2f7a607b097bad2b024333ea39083b0f7 Mon Sep 17 00:00:00 2001 
From: Martin Holst Swende Date: Fri, 29 May 2020 09:35:20 +0200 Subject: [PATCH 3/6] EIP-2677: linter fixes, minor changes, update with EIP number --- EIPS/{eip-draft_cap_initcode.md => eip-2677.md} | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) rename EIPS/{eip-draft_cap_initcode.md => eip-2677.md} (92%) diff --git a/EIPS/eip-draft_cap_initcode.md b/EIPS/eip-2677.md similarity index 92% rename from EIPS/eip-draft_cap_initcode.md rename to EIPS/eip-2677.md index 2945b00b1bfacb..1f95ac1bf99b25 100644 --- a/EIPS/eip-draft_cap_initcode.md +++ b/EIPS/eip-2677.md @@ -1,5 +1,5 @@ --- -eip: +eip: 2677 title: Limit size of `initcode` author: Martin Holst Swende (@holiman), Pawel Bylica (@chfast), Alex Beregszazi (@axic) discussions-to: @@ -32,7 +32,9 @@ When a client executes `initcode`, the client has to perform a jumpdest analysis The work performed during a jumpdest analysis scales linearly with the size of the code. Currently, a transaction can expand the memory once, and reuse the same memory segment (with minor modifications) to force the client to perform a lot of analysis/hashing, leading to slow block processing. -Historically, this was exploited in June 2017, precipitating the 1.6.5-patch relase of [geth](https://github.com/ethereum/go-ethereum/releases/tag/v1.6.5) +Historically, this was exploited in June 2017, precipitating the 1.6.5-patch release of [geth](https://github.com/ethereum/go-ethereum/releases/tag/v1.6.5) + +The work performed during address calculation within `CREATE2` is charged in proportion with size of the code. ## Specification From 059f9ed72790ac6d12634ae00f5d0fabb0f8713e Mon Sep 17 00:00:00 2001 From: Alex Beregszaszi Date: Fri, 28 Aug 2020 20:59:42 +0100 Subject: [PATCH 4/6] Small typographic changes --- EIPS/eip-2677.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/EIPS/eip-2677.md b/EIPS/eip-2677.md index 1f95ac1bf99b25..b00d2394be5274 100644 --- a/EIPS/eip-2677.md +++ b/EIPS/eip-2677.md 
@@ -16,7 +16,7 @@ Enforce a maximum size limit (`max_initcode_size`) of `49152` (`0xc000`) for `in Enforce a maximum size limit (`max_initcode_size`) for `initcode`. If the size of `initcode` exceeds `max_initcode_size`, then contract creation fails with an out of gas error. -Since [EIP 170](https://eips.ethereum.org/EIPS/eip-170) was implemented, there has been a size limit of `24576` (`0x6000`) on contract code. We propose to also limit the size of executable code to `2x` the above limit, i.e. `49152` (`0xc000`). +Since [EIP-170](https://eips.ethereum.org/EIPS/eip-170) was implemented, there has been a size limit of `24576` (`0x6000`) on contract code. We propose to also limit the size of executable code to `2x` the above limit, i.e. `49152` (`0xc000`). This also leads to two nice properties: @@ -48,6 +48,7 @@ In all these (and future) cases, the EVM should fail with Out Of Gas error if th ## Rationale +TBA ## Backwards Compatibility @@ -68,5 +69,7 @@ Test cases should include the following cases, ## Implementation +TBA + ## Copyright Copyright and related rights waived via [CC0](https://creativecommons.org/publicdomain/zero/1.0/). From d942e1a584f4af0664dff5e36b4a8755574426e4 Mon Sep 17 00:00:00 2001 From: Alex Beregszaszi Date: Fri, 28 Aug 2020 21:01:53 +0100 Subject: [PATCH 5/6] Add discussion URL --- EIPS/eip-2677.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/EIPS/eip-2677.md b/EIPS/eip-2677.md index b00d2394be5274..3b6318bdc70a7c 100644 --- a/EIPS/eip-2677.md +++ b/EIPS/eip-2677.md @@ -2,7 +2,7 @@ eip: 2677 title: Limit size of `initcode` author: Martin Holst Swende (@holiman), Pawel Bylica (@chfast), Alex Beregszazi (@axic) -discussions-to: +discussions-to: https://ethereum-magicians.org/t/eip-2677-limit-size-of-initcode/4550 status: Draft type: Core created: 2020-05-18 From a42dbee68887cdd4567392faa552a8cb723406a8 Mon Sep 17 00:00:00 2001 
From: Alex Beregszaszi Date: Fri, 28 Aug 2020 21:10:17 +0100 Subject: [PATCH 6/6] Fix EIP header --- EIPS/eip-2677.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/EIPS/eip-2677.md b/EIPS/eip-2677.md index 3b6318bdc70a7c..d7d32e7fb8f5f1 100644 --- a/EIPS/eip-2677.md +++ b/EIPS/eip-2677.md @@ -4,7 +4,8 @@ title: Limit size of `initcode` author: Martin Holst Swende (@holiman), Pawel Bylica (@chfast), Alex Beregszazi (@axic) discussions-to: https://ethereum-magicians.org/t/eip-2677-limit-size-of-initcode/4550 status: Draft -type: Core +type: Standards Track +category: Core created: 2020-05-18 ---
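Review bot: In [PATCH 1/6], the Specification sentence "the EVM should fail with Out Of Gas error if the code has a length more than `max_initcode_size`" does not say when the length check runs relative to the jumpdest analysis and hashing that the Motivation names as the work being bounded. Suggest stating that the length of `initcode` is checked before any analysis or hashing is performed, and writing `initcode` instead of "the code" so the limit is not confused with the EIP-170 limit on contract code cited in the Abstract. In the same hunk, "consenus-rules" under Backwards Compatibility is misspelled, and none of the later patches in the series touches that line.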
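Review bot: In [PATCH 3/6], second hunk, the added sentence "The work performed during address calculation within `CREATE2` is charged in proportion with size of the code." leaves the reader to infer the contrast it is there to make: the paragraph above says jumpdest analysis scales linearly with code size, but nothing in the Motivation says whether that analysis is charged. Suggest saying explicitly which of the two costs is not covered by gas and therefore motivates the cap, and rewording to "in proportion to the size of the code". The corrected geth sentence in the same hunk still ends without a period.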
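Review bot: In [PATCH 4/6], second hunk, the `TBA` placeholder under `## Rationale` leaves the choice of `2x` the EIP-170 limit unexplained, even though the first hunk of the same patch restates that figure in the Abstract. Suggest replacing the placeholder with the reasoning for `49152` (`0xc000`) over other values, including whether the two 16-bit properties listed in the Abstract were a design goal or a side effect, since that is what implementers and reviewers of a consensus change will look for first.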
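Review bot: In [PATCH 6/6], the `author:` context line spells the third author "Alex Beregszazi", while the From line of this commit reads "Alex Beregszaszi". Since this patch is the one that fixes the EIP header, suggest correcting the spelling in the same change so the header matches the commit author.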