status-im/EIPs
2
0
Fork 0
mirror of https://github.com/status-im/EIPs.git synced 2025-02-24 12:48:20 +00:00
Code Issues Projects Releases Wiki Activity
EIPs/EIPS/eip-1706.md
Micah Zoltu 15f61ed0fd
Adds rule to EIP-1 that references to other EIPs must use relative path format and the first reference must be linked. (#2947) 
I have gone through and updated all existing EIPs to match this rule, including EIP-1.

In some cases, people were using markdown citations, I suspect because the long-form was a bit verbose to inline.  Since the relative path is quite short, I moved these to inline but I wouldn't be opposed to putting them back to citation format if that is desired by the authors.

In doing the migration/cleanup, I found some EIP references to EIPs that don't actually exist.  In these cases I tried to excise the reference from the EIP as best I could.

It is worth noting that the Readme actually already had this rule, it just wasn't expressed properly in EIP-1 and the "Citation Format" section of the readme I think caused people a bit of confusion (when citing externally, you should use the citation format).
2020-09-30 12:22:43 +08:00

64 lines
3.3 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
eip: 1706
title: Disable SSTORE with gasleft lower than call stipend
author: Alex Forshtat <alex@tabookey.com>, Yoav Weiss <yoav@tabookey.com>
discussions-to: https://github.com/alex-forshtat-tbk/EIPs/issues/1
status: Abandoned
type: Standards Track
category: Core
created: 2019-01-15
requires: 1283
superseded-by: 2200
---
> :information_source: **[EIP-2200] has superseded [EIP-1706].** :information_source:
## Simple Summary
The proposal that had been accepted changes security properties of a large portion of an existing contract code base that may be infeasible to update and validate. This proposal will make the old assumptions hold even after a network upgrade.
## Abstract
[EIP-1283](./eip-1283.md) significantly lowers the gas costs of writing to contract's storage. This created a danger of a new kind of reentrancy attacks on existing contracts as Solidity by default grants a 'stipend' of 2300 gas to simple transfer calls.
This danger is easily mitigated if SSTORE is not allowed in low gasleft state, without breaking the backward compatibility and the original intention of this EIP.
## Motivation
An attack that is described in [this article](https://medium.com/chainsecurity/constantinople-enables-new-reentrancy-attack-ace4088297d9).
Explicitly specifying the call stipend as an invariant will have a positive effect on Ethereum protocol security:
https://www.reddit.com/r/ethereum/comments/agdqsm/security_alert_ethereum_constantinople/ee5uvjt
## Specification
Add the following condition to to the SSTORE opcode gas cost calculation:
* If *gasleft* is less than or equal to 2300, fail the current call frame
with 'out of gas' exception.
## Rationale
In order to keep in place the implicit reentrancy protection of existing contracts, transactions should not be allowed to modify state if the remaining gas is lower then the 2300 stipend given to 'transfer'/'send' in Solidity.
These are other proposed remediations and objections to implementing them:
* Drop EIP-1283 and abstain from modifying SSTORE cost
* EIP-1283 is an important update
* It was accepted and implemented on test networks and in clients.
* Add a new call context that permits LOG opcodes but not changes to state.
* Adds another call type beyond existing regular/staticcall
* Raise the cost of SSTORE to dirty slots to >=2300 gas
* Makes net gas metering much less useful.
* Reduce the gas stipend
* Makes the stipend almost useless.
* Increase the cost of writes to dirty slots back to 5000 gas, but add 4800 gas to the refund counter
* Still doesnt make the invariant explicit.
* Requires callers to supply more gas, just to have it refunded
* Add contract metadata specifying per-contract EVM version, and only apply SSTORE changes to contracts deployed with the new version.
## Backwards Compatibility
Performing SSTORE has never been possible with less than 5000 gas, so it does not introduce incompatibility to the Ethereum mainnet. Gas estimation should account for this requirement.
## Test Cases
Test cases for an implementation are mandatory for EIPs that are affecting consensus changes. Other EIPs can choose to include links to test cases if applicable.
TODO
## Implementation
TODO
## Copyright
Copyright and related rights waived via [CC0](https://creativecommons.org/publicdomain/zero/1.0/).
Reference in New Issue View Git Blame Copy Permalink