status-im/EIPs
2
0
Fork 0
mirror of https://github.com/status-im/EIPs.git synced 2025-02-22 11:48:19 +00:00
Code Issues Projects Releases Wiki Activity

Strict enforcement of chainId (#3788)

Browse Source 
* add eip

* updated file

* cleanup language

* small change

* Update eip-.md

* add security notice

* update description

* add discussion to

* Update EIPS/eip-3788.md

Co-authored-by: Micah Zoltu <micah@zoltu.net>

Co-authored-by: Micah Zoltu <micah@zoltu.net>
This commit is contained in:
Gregory Markou 2021-09-03 15:08:18 +03:00 committed by GitHub
parent 7bba715f22
commit 307cd98640
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 60 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
EIPS/eip-3788.md Normal file
View File

@ -0,0 +1,60 @@
---
eip: 3788
title: Strict enforcement of chainId
description: Reject transactions that do not explicitly have the same chainId as the node's configuration.
author: Gregory Markou (@GregTheGreek)
discussions-to: https://ethereum-magicians.org/t/discussion-to-eip-3788-strict-enforcement-of-chainid/7001
status: Draft
type: Standards Track
category: Core
created: 2021-09-2
requires: 155
---
## Abstract
Reject transactions that do not explicitly have the same chainId as the node's configuration.
## Motivation
Per [EIP-155](./eip-155.md) a transaction with a `chainId = 0` is considered to be a valid
transaction. This was a feature to offer developers the ability to sumbit replayable transactions
across different chains. With the rise of evm compatible chains, many of which use forks, or packages
from popular Ethereum clients, we are putting user funds at risk. This is because most wallet
interfaces do not expose the chainId to the user, meaning they typically do not have insight
into what chainId they are signing. Should a malicious actor (or accidental) choose to, they
can easily have users submit transactions with a `chainId = 0` on a non-mainnet network, allowing
the malicious actor to replay the transaction on ethereum mainnet (or other networks for that matter)
as a grief or sophisticated attack.
## Specification
As of the fork block `N`, consider transactions with a `chaindId = 0` to be invalid. Such that
transactions are verified based on the nodes configuration. Eg:
```
if (node.cfg.chainId != tx.chainId) {
// Reject transaction
}
```
## Rationale
The configuration set by the node is the main source of truth, and thus should be explicitly used
when deciding how to filter out a transaction. This check should exist in two places, as a filter
on the JSON-RPC (eg: `eth_sendTransaction`), and stricly enforced on the EVM during transaction
validation.
This ensures that users will not have transactions pending that will be guaranteed to fail, and
prevents the transaction from being included in a block.
## Backwards Compatibility
This breaks all applications or tooling that submit transactions with a `chainId == 0` after block number `N`.
## Test Cases
TBD
## Security Considerations
It should be noted this will not prevent a malicious actor from deploying a network with `chainId = 1`, or copying any other networks chainId.
## Copyright
Copyright and related rights waived via [CC0](https://creativecommons.org/publicdomain/zero/1.0/).