From faaec24907cd30eb51b8ab28ee5351c5f0181b85 Mon Sep 17 00:00:00 2001 From: zaq1tomo Date: Thu, 8 Mar 2018 17:19:21 +0900 Subject: [PATCH 1/9] add eip-3.md file --- EIPS/eip-3.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 EIPS/eip-3.md diff --git a/EIPS/eip-3.md b/EIPS/eip-3.md new file mode 100644 index 00000000..e69de29b From f81465cf1bb18ca549a1a2b3582b90e7bfe288bb Mon Sep 17 00:00:00 2001 From: zaq1tomo Date: Thu, 8 Mar 2018 17:19:36 +0900 Subject: [PATCH 2/9] update eip-3.md --- EIPS/eip-3.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/EIPS/eip-3.md b/EIPS/eip-3.md index e69de29b..e31dd8eb 100644 --- a/EIPS/eip-3.md +++ b/EIPS/eip-3.md @@ -0,0 +1,9 @@ +``` +EIP: 3 +Title: Addition of CALLDEPTH opcode +Author: Martin Holst Swende +Status: Draft +Type: Standards Track +Layer: Consensus (hard-fork) +Created: 2015-11-19 +``` \ No newline at end of file From 72c4820724502a15ffbb1e16735bb9214a5b45de Mon Sep 17 00:00:00 2001 From: zaq1tomo Date: Thu, 8 Mar 2018 17:20:58 +0900 Subject: [PATCH 3/9] update eip-3.md --- EIPS/eip-3.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/EIPS/eip-3.md b/EIPS/eip-3.md index e31dd8eb..10bb802d 100644 --- a/EIPS/eip-3.md +++ b/EIPS/eip-3.md @@ -6,4 +6,8 @@ Status: Draft Type: Standards Track Layer: Consensus (hard-fork) Created: 2015-11-19 -``` \ No newline at end of file +``` + +# Abstract + +This is a proposal to add a new opcode, `CALLDEPTH`. The `CALLDEPTH` opcode would return the remaining available call stack depth. From 8fa9860a5b52ece2cefd422c09593e931252fdcf Mon Sep 17 00:00:00 2001 From: zaq1tomo Date: Thu, 8 Mar 2018 17:24:50 +0900 Subject: [PATCH 4/9] update eip-3.md --- EIPS/eip-3.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/EIPS/eip-3.md b/EIPS/eip-3.md index 10bb802d..11af7480 100644 --- a/EIPS/eip-3.md +++ b/EIPS/eip-3.md @@ -11,3 +11,25 @@ Created: 2015-11-19 # Abstract This is a proposal to add a new opcode, `CALLDEPTH`. The `CALLDEPTH` opcode would return the remaining available call stack depth. + +# Motivation + +There is a limit specifying how deep contracts can call other contracts; the call stack. The limit is currently `256`. If a contract invokes another contract (either via `CALL` or `CALLCODE`), the operation will fail if the call stack depth limit has been reached. + +This behaviour makes it possible to subject a contract to a "call stack attack" [1]. In such an attack, an attacker first creates a suitable depth of the stack, e.g. by recursive calls. After this step, the attacker invokes the targeted contract. If the targeted calls another contract, that call will fail. If the return value is not properly checked to see if the call was successfull, the consequences could be damaging. + +Example: + +1. Contract `A` want's to be invoked regularly, and pays Ether to the invoker in every block. +2. When contract `A` is invoked, it calls contracts `B` and `C`, which consumes a lot of gas. After invocation, contract `A` pays Ether to the caller. +3. Malicious user `X` ensures that the stack depth is shallow before invoking A. Both calls to `B` and `C` fail, but `X` can still collect the reward. + +It is possible to defend against this in two ways: + +1. Check return value after invocation. +2. Check call stack depth experimentally. A library [2] by Piper Merriam exists for this purpose. This method is quite costly in gas. + + +[1] a.k.a "shallow stack attack" and "stack attack". However, to be precise, the word ''stack'' has a different meaning within the EVM, and is not to be confused with the ''call stack''. + +[2] https://github.com/pipermerriam/ethereum-stack-depth-lib From d964470d7979b562b037dbb96a6cd33ac159891a Mon Sep 17 00:00:00 2001 From: zaq1tomo Date: Thu, 8 Mar 2018 17:25:32 +0900 Subject: [PATCH 5/9] update eip-3.md --- EIPS/eip-3.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/EIPS/eip-3.md b/EIPS/eip-3.md index 11af7480..f6093fb2 100644 --- a/EIPS/eip-3.md +++ b/EIPS/eip-3.md @@ -33,3 +33,7 @@ It is possible to defend against this in two ways: [1] a.k.a "shallow stack attack" and "stack attack". However, to be precise, the word ''stack'' has a different meaning within the EVM, and is not to be confused with the ''call stack''. [2] https://github.com/pipermerriam/ethereum-stack-depth-lib + +# Specification + +The opcode `CALLDEPTH` should return the remaining call stack depth. A value of `0` means that the call stack is exhausted, and no further calls can be made. From 510a0a2ac6708d965d393fdca950275d6e7586d2 Mon Sep 17 00:00:00 2001 From: zaq1tomo Date: Thu, 8 Mar 2018 17:26:10 +0900 Subject: [PATCH 6/9] update eip-3.md --- EIPS/eip-3.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/EIPS/eip-3.md b/EIPS/eip-3.md index f6093fb2..53581085 100644 --- a/EIPS/eip-3.md +++ b/EIPS/eip-3.md @@ -37,3 +37,7 @@ It is possible to defend against this in two ways: # Specification The opcode `CALLDEPTH` should return the remaining call stack depth. A value of `0` means that the call stack is exhausted, and no further calls can be made. + +# Rationale + +The actual call stack depth, as well as the call stack depth limit, are present in the EVM during execution, but just not available within the EVM. The implementation should be fairly simple and would provide a cheap and way to protect against call stack attacks. From 97a48d9ba68b440ab1737b919ed07aa61994cb66 Mon Sep 17 00:00:00 2001 From: zaq1tomo Date: Thu, 8 Mar 2018 17:26:14 +0900 Subject: [PATCH 7/9] update eip-3.md --- EIPS/eip-3.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/EIPS/eip-3.md b/EIPS/eip-3.md index 53581085..a61468fc 100644 --- a/EIPS/eip-3.md +++ b/EIPS/eip-3.md @@ -41,3 +41,7 @@ The opcode `CALLDEPTH` should return the remaining call stack depth. A value of # Rationale The actual call stack depth, as well as the call stack depth limit, are present in the EVM during execution, but just not available within the EVM. The implementation should be fairly simple and would provide a cheap and way to protect against call stack attacks. + +# Implementation + +Not implemented. From 027f394c2e9af16f0aecb702490c612b4be2c1d5 Mon Sep 17 00:00:00 2001 From: zaq1tomo Date: Thu, 8 Mar 2018 17:26:53 +0900 Subject: [PATCH 8/9] delete eip-3.mediawiki --- EIPS/eip-3.mediawiki | 47 -------------------------------------------- 1 file changed, 47 deletions(-) delete mode 100644 EIPS/eip-3.mediawiki diff --git a/EIPS/eip-3.mediawiki b/EIPS/eip-3.mediawiki deleted file mode 100644 index 526781bc..00000000 --- a/EIPS/eip-3.mediawiki +++ /dev/null @@ -1,47 +0,0 @@ -
-  EIP: 3
-  Title: Addition of CALLDEPTH opcode
-  Author: Martin Holst Swende 
-  Status: Draft
-  Type: Standards Track
-  Layer: Consensus (hard-fork)
-  Created: 2015-11-19
-
- -==Abstract== - -This is a proposal to add a new opcode, CALLDEPTH. The CALLDEPTH opcode would return the remaining available call stack depth. - -==Motivation== - -There is a limit specifying how deep contracts can call other contracts; the call stack. The limit is currently `256`. If a contract invokes another contract (either via `CALL` or `CALLCODE`), the operation will fail if the call stack depth limit has been reached. - -This behaviour makes it possible to subject a contract to a "call stack attack" [1]. In such an attack, an attacker first creates a suitable depth of the stack, e.g. by recursive calls. After this step, the attacker invokes the targeted contract. If the targeted calls another contract, that call will fail. If the return value is not properly checked to see if the call was successfull, the consequences could be damaging. - -Example: - -# Contract `A` want's to be invoked regularly, and pays Ether to the invoker in every block. -# When contract `A` is invoked, it calls contracts `B` and `C`, which consumes a lot of gas. After invocation, contract `A` pays Ether to the caller. -# Malicious user `X` ensures that the stack depth is shallow before invoking A. Both calls to `B` and `C` fail, but `X` can still collect the reward. - -It is possible to defend against this in two ways: - -# Check return value after invocation. -# Check call stack depth experimentally. A library [2] by Piper Merriam exists for this purpose. This method is quite costly in gas. - - -[1] a.k.a "shallow stack attack" and "stack attack". However, to be precise, the word ''stack'' has a different meaning within the EVM, and is not to be confused with the ''call stack''. - -[2] https://github.com/pipermerriam/ethereum-stack-depth-lib - -==Specification== - -The opcode CALLDEPTH should return the remaining call stack depth. A value of 0 means that the call stack is exhausted, and no further calls can be made. - -==Rationale== - -The actual call stack depth, as well as the call stack depth limit, are present in the EVM during execution, but just not available within the EVM. The implementation should be fairly simple and would provide a cheap and way to protect against call stack attacks. - -==Implementation== - -Not implemented. From b04ad3c9d1b4866fcf54caabcacc2dca3dbc658a Mon Sep 17 00:00:00 2001 From: zaq1tomo Date: Thu, 8 Mar 2018 17:29:10 +0900 Subject: [PATCH 9/9] Update REASDE.md (eip-3.mediawiki to eip-3.md) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b156d671..2211de95 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ First review [EIP-1](EIPS/eip-1.md). Then clone the repository and add your EIP # Non-final EIPs | Number | Title | Author | Layer | Status | | ------------------------- | ------------------------------------------------------- | ----------------------------- | --------- | ---------- | -| [3](EIPS/eip-3.mediawiki) | Addition of CALLDEPTH opcode | Martin Holst Swende | Core | Draft | +| [3](EIPS/eip-3.md) | Addition of CALLDEPTH opcode | Martin Holst Swende | Core | Draft | | [4](EIPS/eip-4.md) | EIP Classification | Joseph Chow | Meta | Draft | | [5](EIPS/eip-5.md) | Gas Usage for `RETURN` and `CALL*` | Christian Reitwiessner | Core | Draft | | [101](EIPS/eip-101.md) | Serenity Currency and Crypto Abstraction | Vitalik Buterin | | Active |