status-im
/
EIPs
mirror of https://github.com/status-im/EIPs.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Formatting

This commit is contained in:
Martin Holst Swende 2015-11-19 21:06:06 +01:00
parent e2ddda55f3
commit 2bf1177f1a
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
EIPS/eip-3.mediawiki
View File

@ -9,7 +9,7 @@
==Abstract== ==Abstract==
This is a proposal to add a new opcode, `CALLDEPTH`. The `CALLDEPTH` opcode would return the remaining available call stack depth. This is a proposal to add a new opcode, <code>CALLDEPTH</code>. The <code>CALLDEPTH</code> opcode would return the remaining available call stack depth.
==Motivation== ==Motivation==
@ -19,14 +19,14 @@ This behaviour makes it possible to subject a contract to a "call stack attack"
Example: Example:
1. Contract `A` want's to be invoked regularly, and pays Ether to the invoker in every block. # Contract `A` want's to be invoked regularly, and pays Ether to the invoker in every block.
2. When contract `A` is invoked, it calls contracts `B` and `C`, which consumes a lot of gas. After invocation, contract `A` pays Ether to the caller. # When contract `A` is invoked, it calls contracts `B` and `C`, which consumes a lot of gas. After invocation, contract `A` pays Ether to the caller.
3. Malicious user `X` ensures that the stack depth is shallow before invoking A. Both calls to `B` and `C` fail, but `X` can still collect the reward. # Malicious user `X` ensures that the stack depth is shallow before invoking A. Both calls to `B` and `C` fail, but `X` can still collect the reward.
It is possible to defend against this in two ways: It is possible to defend against this in two ways:
1. Check return value after invocation. # Check return value after invocation.
2. Check call stack depth experimentally. A library [2] by Piper Merriam exists for this purpose. This method is quite costly in gas. # Check call stack depth experimentally. A library [2] by Piper Merriam exists for this purpose. This method is quite costly in gas.
[1] a.k.a "shallow stack attack" and "stack attack". However, to be precise, the word `stack` has a different meaning within the EVM, and is not to be confused with the _call stack_. [1] a.k.a "shallow stack attack" and "stack attack". However, to be precise, the word `stack` has a different meaning within the EVM, and is not to be confused with the _call stack_.
@ -34,7 +34,7 @@ It is possible to defend against this in two ways:
==Specification== ==Specification==
The opcode `CALLDEPTH` should return the remaining call stack depth. A value of `0` means that the call stack is exhausted, and no further calls can be made. The opcode <code>CALLDEPTH</code> should return the remaining call stack depth. A value of `0` means that the call stack is exhausted, and no further calls can be made.
==Rationale== ==Rationale==