From d4a9172c7907f1788d61a58110be113650e258a3 Mon Sep 17 00:00:00 2001 From: chriseth Date: Mon, 13 Feb 2017 14:50:04 +0100 Subject: [PATCH 01/12] Add STATIC_CALL opcode. --- EIPS/static_call.md | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 EIPS/static_call.md diff --git a/EIPS/static_call.md b/EIPS/static_call.md new file mode 100644 index 00000000000000..7dd99bb8d4c4f2 --- /dev/null +++ b/EIPS/static_call.md @@ -0,0 +1,41 @@ +## Preamble +
+  EIP: to be assigned
+  Title: New opcode STATIC_CALL
+  Author: Vitalik Buterin <vitalik@ethereum.org>, Christian Reitwiessner <chris@ethereum.org>
+  Type: Standard Track
+  Category(*only required for Standard Track): Core
+  Status: Draft
+  Created: 2017-02-13
+
+ +## Simple Summary + +To increase smart contract security, this proposal adds a new opcode that can be used to call another contract (or itself) while disallowing any modifications to the state during the call (and its subcalls, if present). + +## Abstract + + +## Motivation + + +## Specification + +Opcode: `0xfa`. + +`STATIC_CALL` functions equivalently to a `CALL`, except it takes 6 arguments not including value, and calls the child with a `STATIC` flag on. Any calls, static or otherwise, made by an execution instance with a `STATIC` flag on will also have a `STATIC` flag on. Any attempts to make state-changing operations inside an execution instance with a `STATIC` flag on will instead throw an exception. These operations include nonzero-value calls, creates, `LOG` calls, `SSTORE`, `SSTOREBYTES` and `SUICIDE`. + +## Rationale + +This allows contracts to make calls that are clearly non-state-changing, reassuring developers and reviewers that re-entrancy bugs or other problems cannot possibly arise from that particular call; it is a pure function that returns an output and does nothing else. This may also make purely functional HLLs easier to implement. + +## Backwards Compatibility + +This proposal adds a new opcode but does not modify the behaviour of other opcodes and thus is backwards compatible for old contracts that do not use the new opcode. + +## Test Cases + +To be written. + +## Implementation + From 3ea17dce51056a88a882edaadd3a9cdbd3be3d53 Mon Sep 17 00:00:00 2001 From: chriseth Date: Tue, 14 Feb 2017 17:59:39 +0100 Subject: [PATCH 02/12] Updated preamble. --- EIPS/static_call.md | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/EIPS/static_call.md b/EIPS/static_call.md index 7dd99bb8d4c4f2..677f85ee79c512 100644 --- a/EIPS/static_call.md +++ b/EIPS/static_call.md @@ -1,13 +1,12 @@ ## Preamble -
-  EIP: to be assigned
-  Title: New opcode STATIC_CALL
-  Author: Vitalik Buterin <vitalik@ethereum.org>, Christian Reitwiessner <chris@ethereum.org>
-  Type: Standard Track
-  Category(*only required for Standard Track): Core
-  Status: Draft
-  Created: 2017-02-13
-
+ + EIP: to be assigned + Title: New opcode STATIC_CALL + Author: Vitalik Buterin , Christian Reitwiessner ; + Type: Standard Track + Category: Core + Status: Draft + Created: 2017-02-13 ## Simple Summary From a23bd30d651ec0b285defc21873417f9f1778bde Mon Sep 17 00:00:00 2001 From: chriseth Date: Fri, 24 Feb 2017 12:07:02 +0100 Subject: [PATCH 03/12] Rename static_call to staticcall. --- EIPS/static_call.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/EIPS/static_call.md b/EIPS/static_call.md index 677f85ee79c512..aab771f3db8a7e 100644 --- a/EIPS/static_call.md +++ b/EIPS/static_call.md @@ -1,7 +1,7 @@ ## Preamble EIP: to be assigned - Title: New opcode STATIC_CALL + Title: New opcode STATICCALL Author: Vitalik Buterin , Christian Reitwiessner ; Type: Standard Track Category: Core @@ -22,7 +22,7 @@ To increase smart contract security, this proposal adds a new opcode that can be Opcode: `0xfa`. -`STATIC_CALL` functions equivalently to a `CALL`, except it takes 6 arguments not including value, and calls the child with a `STATIC` flag on. Any calls, static or otherwise, made by an execution instance with a `STATIC` flag on will also have a `STATIC` flag on. Any attempts to make state-changing operations inside an execution instance with a `STATIC` flag on will instead throw an exception. These operations include nonzero-value calls, creates, `LOG` calls, `SSTORE`, `SSTOREBYTES` and `SUICIDE`. +`STATICCALL` functions equivalently to a `CALL`, except it takes 6 arguments not including value, and calls the child with a `STATIC` flag on. Any calls, static or otherwise, made by an execution instance with a `STATIC` flag on will also have a `STATIC` flag on. Any attempts to make state-changing operations inside an execution instance with a `STATIC` flag on will instead throw an exception. These operations include nonzero-value calls, creates, `LOG` calls, `SSTORE`, `SSTOREBYTES` and `SUICIDE`. ## Rationale From bee45153fa4291a4f42aba3e4b75a9f4613796fd Mon Sep 17 00:00:00 2001 From: chriseth Date: Thu, 18 May 2017 15:35:34 +0200 Subject: [PATCH 04/12] Some clarifications and extensions. --- EIPS/static_call.md | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/EIPS/static_call.md b/EIPS/static_call.md index aab771f3db8a7e..fb36b9335eb5e1 100644 --- a/EIPS/static_call.md +++ b/EIPS/static_call.md @@ -1,6 +1,6 @@ ## Preamble - EIP: to be assigned + EIP: 214 Title: New opcode STATICCALL Author: Vitalik Buterin , Christian Reitwiessner ; Type: Standard Track @@ -14,15 +14,23 @@ To increase smart contract security, this proposal adds a new opcode that can be ## Abstract +This proposal adds a new opcode that can be used to call another contract (or itself) while disallowing any modifications to the state during the call (and its subcalls, if present). Any opcode that attempts to perform such a modification (see below for details) will result in an exception instead of performing the modification. ## Motivation +Currently, there is no restriction about what a called contract can do, as long as the computation can be performed with the amount of gas provided. This poses certain difficulties about smart contract engineers: After a regular call, unless you know the called contract, you cannot make any assumptions about the state of the contracts. Furthermore, because you cannot know the order of transactions before they are confirmed by miners, not even an outside observer can be sure about that in all cases. + +This EIP adds a way to call other contracts and restrict what they can do in the simplest way. It can be safely assumed that the state of all contracts is the same before and after a static call. ## Specification +Introduce a new `STATIC` flag to the virtual machine. This flag is set to `false` initially. Its value is always copied to sub-calls or sub-creates with an exception for the new opcode below. + Opcode: `0xfa`. -`STATICCALL` functions equivalently to a `CALL`, except it takes 6 arguments not including value, and calls the child with a `STATIC` flag on. Any calls, static or otherwise, made by an execution instance with a `STATIC` flag on will also have a `STATIC` flag on. Any attempts to make state-changing operations inside an execution instance with a `STATIC` flag on will instead throw an exception. These operations include nonzero-value calls, creates, `LOG` calls, `SSTORE`, `SSTOREBYTES` and `SUICIDE`. +`STATICCALL` functions equivalently to a `CALL`, except it takes 6 arguments not including value, and calls the child with the `STATIC` flag set to `true`. + +Any attempts to make state-changing operations inside an execution instance with `STATIC` set to `true` will instead throw an exception. These operations include `CREATE`, `CREATE2`, `LOG`, `SSTORE`, `SSTOREBYTES` and `SELFDESTRUCT`. They also include `CALL` and `DELEGATECALL` with a non-zero value. As an exception, `CALLCODE` is not considered state-changing, even with a non-zero value. ## Rationale @@ -30,7 +38,7 @@ This allows contracts to make calls that are clearly non-state-changing, reassur ## Backwards Compatibility -This proposal adds a new opcode but does not modify the behaviour of other opcodes and thus is backwards compatible for old contracts that do not use the new opcode. +This proposal adds a new opcode but does not modify the behaviour of other opcodes and thus is backwards compatible for old contracts that do not use the new opcode and are not called via the new opcode. ## Test Cases From 5e0c5f38bb6d8483200582ba3bd5e3fa44d4bfa9 Mon Sep 17 00:00:00 2001 From: chriseth Date: Thu, 1 Jun 2017 10:08:38 +0200 Subject: [PATCH 05/12] Clarify resetting the static flag. --- EIPS/static_call.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/EIPS/static_call.md b/EIPS/static_call.md index fb36b9335eb5e1..0331c1e05ec8cb 100644 --- a/EIPS/static_call.md +++ b/EIPS/static_call.md @@ -28,7 +28,7 @@ Introduce a new `STATIC` flag to the virtual machine. This flag is set to `false Opcode: `0xfa`. -`STATICCALL` functions equivalently to a `CALL`, except it takes 6 arguments not including value, and calls the child with the `STATIC` flag set to `true`. +`STATICCALL` functions equivalently to a `CALL`, except it takes 6 arguments not including value, and calls the child with the `STATIC` flag set to `true` for the execution of the child. Once this call returns, the flag is reset to its value before the call. Any attempts to make state-changing operations inside an execution instance with `STATIC` set to `true` will instead throw an exception. These operations include `CREATE`, `CREATE2`, `LOG`, `SSTORE`, `SSTOREBYTES` and `SELFDESTRUCT`. They also include `CALL` and `DELEGATECALL` with a non-zero value. As an exception, `CALLCODE` is not considered state-changing, even with a non-zero value. From 2a7e44538f9a12560a3bf48e2969ac0b9497877a Mon Sep 17 00:00:00 2001 From: chriseth Date: Fri, 16 Jun 2017 16:59:56 +0200 Subject: [PATCH 06/12] Small fixes. --- EIPS/static_call.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/EIPS/static_call.md b/EIPS/static_call.md index 0331c1e05ec8cb..6de5ed7d6b0935 100644 --- a/EIPS/static_call.md +++ b/EIPS/static_call.md @@ -24,13 +24,13 @@ This EIP adds a way to call other contracts and restrict what they can do in the ## Specification -Introduce a new `STATIC` flag to the virtual machine. This flag is set to `false` initially. Its value is always copied to sub-calls or sub-creates with an exception for the new opcode below. +Introduce a new `STATIC` flag to the virtual machine. This flag is set to `false` initially. Its value is always copied to sub-calls with an exception for the new opcode below. Opcode: `0xfa`. `STATICCALL` functions equivalently to a `CALL`, except it takes 6 arguments not including value, and calls the child with the `STATIC` flag set to `true` for the execution of the child. Once this call returns, the flag is reset to its value before the call. -Any attempts to make state-changing operations inside an execution instance with `STATIC` set to `true` will instead throw an exception. These operations include `CREATE`, `CREATE2`, `LOG`, `SSTORE`, `SSTOREBYTES` and `SELFDESTRUCT`. They also include `CALL` and `DELEGATECALL` with a non-zero value. As an exception, `CALLCODE` is not considered state-changing, even with a non-zero value. +Any attempts to make state-changing operations inside an execution instance with `STATIC` set to `true` will instead throw an exception. These operations include `CREATE`, `CREATE2`, `LOG1`, `LOG2`, `LOG3`, `LOG4`, `SSTORE`, and `SELFDESTRUCT`. They also include `CALL` with a non-zero value. As an exception, `CALLCODE` is not considered state-changing, even with a non-zero value. ## Rationale From 2d2d028c3cee5f2fd7a0b36d0b5eaadef66eebb4 Mon Sep 17 00:00:00 2001 From: chriseth Date: Mon, 3 Jul 2017 18:30:31 +0200 Subject: [PATCH 07/12] Clarify value argument. --- EIPS/static_call.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/EIPS/static_call.md b/EIPS/static_call.md index 6de5ed7d6b0935..5e0b79af905769 100644 --- a/EIPS/static_call.md +++ b/EIPS/static_call.md @@ -28,7 +28,7 @@ Introduce a new `STATIC` flag to the virtual machine. This flag is set to `false Opcode: `0xfa`. -`STATICCALL` functions equivalently to a `CALL`, except it takes 6 arguments not including value, and calls the child with the `STATIC` flag set to `true` for the execution of the child. Once this call returns, the flag is reset to its value before the call. +`STATICCALL` functions equivalently to a `CALL`, except it takes only 6 arguments (the "value" argument is not included and taken to be zero), and calls the child with the `STATIC` flag set to `true` for the execution of the child. Once this call returns, the flag is reset to its value before the call. Any attempts to make state-changing operations inside an execution instance with `STATIC` set to `true` will instead throw an exception. These operations include `CREATE`, `CREATE2`, `LOG1`, `LOG2`, `LOG3`, `LOG4`, `SSTORE`, and `SELFDESTRUCT`. They also include `CALL` with a non-zero value. As an exception, `CALLCODE` is not considered state-changing, even with a non-zero value. From 2da707c93e53f8522b85910757a6e204a4658d3b Mon Sep 17 00:00:00 2001 From: chriseth Date: Thu, 24 Aug 2017 11:40:35 +0200 Subject: [PATCH 08/12] Add log0 --- EIPS/static_call.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/EIPS/static_call.md b/EIPS/static_call.md index 5e0b79af905769..41163a22aba7ed 100644 --- a/EIPS/static_call.md +++ b/EIPS/static_call.md @@ -30,7 +30,7 @@ Opcode: `0xfa`. `STATICCALL` functions equivalently to a `CALL`, except it takes only 6 arguments (the "value" argument is not included and taken to be zero), and calls the child with the `STATIC` flag set to `true` for the execution of the child. Once this call returns, the flag is reset to its value before the call. -Any attempts to make state-changing operations inside an execution instance with `STATIC` set to `true` will instead throw an exception. These operations include `CREATE`, `CREATE2`, `LOG1`, `LOG2`, `LOG3`, `LOG4`, `SSTORE`, and `SELFDESTRUCT`. They also include `CALL` with a non-zero value. As an exception, `CALLCODE` is not considered state-changing, even with a non-zero value. +Any attempts to make state-changing operations inside an execution instance with `STATIC` set to `true` will instead throw an exception. These operations include `CREATE`, `CREATE2`, `LOG0`, `LOG1`, `LOG2`, `LOG3`, `LOG4`, `SSTORE`, and `SELFDESTRUCT`. They also include `CALL` with a non-zero value. As an exception, `CALLCODE` is not considered state-changing, even with a non-zero value. ## Rationale From 12257d516de8e9d020cee2a021ddd9ad1693d495 Mon Sep 17 00:00:00 2001 From: Yoichi Hirai Date: Mon, 20 Nov 2017 12:33:33 +0100 Subject: [PATCH 09/12] Move static_call.md to eip-214.md --- EIPS/{static_call.md => eip-214.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename EIPS/{static_call.md => eip-214.md} (100%) diff --git a/EIPS/static_call.md b/EIPS/eip-214.md similarity index 100% rename from EIPS/static_call.md rename to EIPS/eip-214.md From b550ed71b899f3e85921b90da2c2d6ab50080817 Mon Sep 17 00:00:00 2001 From: Yoichi Hirai Date: Mon, 27 Nov 2017 17:58:21 +0100 Subject: [PATCH 10/12] Tiny fixes --- EIPS/eip-214.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/EIPS/eip-214.md b/EIPS/eip-214.md index 41163a22aba7ed..1427b8514f9d1d 100644 --- a/EIPS/eip-214.md +++ b/EIPS/eip-214.md @@ -5,7 +5,7 @@ Author: Vitalik Buterin , Christian Reitwiessner ; Type: Standard Track Category: Core - Status: Draft + Status: Accepted Created: 2017-02-13 ## Simple Summary @@ -18,9 +18,9 @@ This proposal adds a new opcode that can be used to call another contract (or it ## Motivation -Currently, there is no restriction about what a called contract can do, as long as the computation can be performed with the amount of gas provided. This poses certain difficulties about smart contract engineers: After a regular call, unless you know the called contract, you cannot make any assumptions about the state of the contracts. Furthermore, because you cannot know the order of transactions before they are confirmed by miners, not even an outside observer can be sure about that in all cases. +Currently, there is no restriction about what a called contract can do, as long as the computation can be performed with the amount of gas provided. This poses certain difficulties about smart contract engineers; after a regular call, unless you know the called contract, you cannot make any assumptions about the state of the contracts. Furthermore, because you cannot know the order of transactions before they are confirmed by miners, not even an outside observer can be sure about that in all cases. -This EIP adds a way to call other contracts and restrict what they can do in the simplest way. It can be safely assumed that the state of all contracts is the same before and after a static call. +This EIP adds a way to call other contracts and restrict what they can do in the simplest way. It can be safely assumed that the state of all accounts is the same before and after a static call. ## Specification From d8f5c84717a491563925fa223a4b77144bcbf379 Mon Sep 17 00:00:00 2001 From: Yoichi Hirai Date: Mon, 27 Nov 2017 18:03:03 +0100 Subject: [PATCH 11/12] The status is already Final --- EIPS/eip-214.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/EIPS/eip-214.md b/EIPS/eip-214.md index 1427b8514f9d1d..1bc58474603e9f 100644 --- a/EIPS/eip-214.md +++ b/EIPS/eip-214.md @@ -5,7 +5,7 @@ Author: Vitalik Buterin , Christian Reitwiessner ; Type: Standard Track Category: Core - Status: Accepted + Status: Final Created: 2017-02-13 ## Simple Summary From b1623c2f5f3b6350d74d7bf54115c8657aaab602 Mon Sep 17 00:00:00 2001 From: chriseth Date: Mon, 4 Dec 2017 11:13:15 +0100 Subject: [PATCH 12/12] Update eip-214.md --- EIPS/eip-214.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/EIPS/eip-214.md b/EIPS/eip-214.md index 1bc58474603e9f..2e5756c0c57e01 100644 --- a/EIPS/eip-214.md +++ b/EIPS/eip-214.md @@ -46,3 +46,7 @@ To be written. ## Implementation +## Copyright + +Copyright and related rights waived via [CC0](https://creativecommons.org/publicdomain/zero/1.0/). +