1.8 KiB
EDITOR NOTE: below is a copy of the EIP 170 https://github.com/ethereum/EIPs/issues/170#issue-187221797 raw text fetched on 2017-06-23.
Specification
If block.number >= FORK_BLKNUM, then if contract creation initialization returns data with length of at least 24000 bytes, contract creation fails. Equivalently, one could describe this change as saying that the contract initialization gas cost is changed from 200 * len(code) to 200 * len(code) if len(code) < 24000 else 2**256 - 1.
Rationale
Currently, there remains one slight quadratic vulnerability in ethereum: when a contract is called, even though the call takes a constant amount of gas, the call can trigger O(n) cost in terms of reading the code from disk, preprocessing the code for VM execution, and also adding O(n) data to the Merkle proof for the block's proof-of-validity. At current gas levels, this is acceptable even if suboptimal. At the higher gas levels that could be triggered in the future, possibly very soon due to dynamic gas limit rules, this would become a greater concern - not nearly as serious as recent denial of service attacks, but still inconvenient especially for future light clients verifying proofs of validity or invalidity. The solution is to put a hard cap on the size of an object that can be saved to the blockchain, and do so non-disruptively by setting the cap at a value slightly higher than what is feasible with current gas limits (an pathological worst-case contract can be created with ~23200 bytes using 4.7 million gas, and a normally created contract can go up to ~18 kb).
If this is to be added, it should be added as soon as possible, or at least before any periods of higher than 4.7 million gas usage allow potential attackers to create contracts larger than 24000 bytes.