-
Notifications
You must be signed in to change notification settings - Fork 5.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Proposed initial abstraction changes for Metropolis #86
Comments
unlike for the powhash where they are not present at all :-/ |
1/2/3 mean state trie will grow indefinitely large (so far there would be an additional ~50MB on it, a substantial increase on the pruned, compressed state db) |
|
Solid. V, can you show Gav the DK Gas email. JG |
for 9, what happens when there's a collision? |
it should also be noted that (12) and (13) are suggested miner alterations, but do not form part of the consensus protocol. |
Perhaps. Alas, essential weekend reading: http://www.mit.edu/~mrognlie/piketty_diminishing_returns.pdf |
Fixed the naming conventions for msz.
However, note that this growth is constant in tx load; right now, it's 20% of the state size, but in a future environment where we see 5-10 tx/sec, it will be much smaller, and we should optimize for that case. Additionally, if we are still uncomfortable with storing ALL state roots, then there is a compromise solution where we store the state roots at key
I would say failure (either do nothing and return zero, or exception). We could remove the issue entirely by adding a nonce back in to the formula, but I want to avoid this because one of my goals with EIP 101 is the desire to remove the notion of in-protocol sequence numbers entirely, moving all of that logic to the protocol level. So if you want to create multiple instances of the same contract, you can just append a nonce after the code, and maintain and increment the nonce yourself in storage; this can all be done with a few EVM operations, and simplifies the protocol further as we don't have to deal with the current logic around when nonces are and aren't incremented within consensus code. |
Changed the hash with state root/mixhash/nonce as empty strings into the standard PoW hash, but with the state root replaced with the empty string. Added rationale to post; here it is copied for convenience:
|
What happens if a slot is SLOAD'ed from that has been SSTOREBYTES'ed before? |
Last 32 bytes, left-zero-padded. |
@vbuterin Still many open questions regarding the variable-size slots. Is the general idea that So using Furthermore, I am not sure that the memory exceptions for Also it could be considered whether |
Yes, with the exception that you can use SSTOREBYTES and not SSTORE to save 32 zero bytes, as you brought up.
True. I'm fine either way.
I would prefer no. It's not consistent with the ABI, but the ABI is a high-level construct. Return slices of CALL and the like are not zero-padded to multiples of 32, and it is consistent with that. |
12: I think we should still perform some static analysis on the target contract, it is easy to spam miners with a lot of txes with small startgas. |
General concern: If we move nonce checking into the contract, to we still enforce the requirement that the chain should never include two transactions with the same hash? |
9: I would guess that none of the existing contracts relies on the actual way the new address is calculated in a |
I would say no. One of the key positive side effects of an eventual universal adoption of EIP 101 is that transaction validity becomes statically evaluable, which means that blocks can be validated independently of having the prior state.
True. If we decide that this is a problem, one simple solution would be that if the destination address contains code, we keep incrementing the address by 1 (wrapping around if needed) until it doesn't, and run the code at the first address we find that is empty. |
👍 on incrementing address on collision. In addition (ha) to all current contract-creating contracts continuing (ha ha) to function, it permanently resolves the question of two contracts accidentally having the same address. |
Letting contracts pay fees is also needed by Zerocash over Ethereum (zcash-hackworks/babyzoe#1). |
There is a great difference between contract and EOA-with-bytecode for ERC #223 token transaction: If the receiver is an EOA with the implementation of If receiver is an EOA without If the receiver is a contract, |
Is this still slated for Metropolis? Is "mid-summer" still looking reasonably likely for Metropolis? I ask because I have a need to create a proxy-contract with a non-trivial ownership pattern and I'm wondering if I should try to create it now, and deal with all of the UI complexities that come with trying to interact with dApps through a proxy contract (I believe at the moment this is basically impossible if I want to use their UI) or if I should wait for Metropolis, which it sounds like will allow for this without having to write a custom UI for every dApp out there. I believe uPort also has this problem, where if you want to use a dApp with uPort the dApp needs to be built to support uPort or you need to use uPort as your transaction processor (instead of a local node) so they can handle all of the complexities server-side with wrapping up your transaction calls and piping them through their proxy. |
@Arachnid You nominated this as an "EIPs that should be merged". Can you please share your notes on that here? |
1 similar comment
@Arachnid You nominated this as an "EIPs that should be merged". Can you please share your notes on that here? |
There has been no activity on this issue for two months. It will be closed in a week if no further activity occurs. If you would like to move this EIP forward, please respond to any outstanding feedback or add a comment indicating that you have addressed all required feedback and are ready for a review. |
This issue was closed due to inactivity. If you are still pursuing it, feel free to reopen it and respond to any feedback or request a review in a comment. |
This comment was marked as spam.
This comment was marked as spam.
This comment was marked as spam.
This comment was marked as spam.
I was invoked by the above spam bot, but this seems like a really good idea. In fact, it's nearly identical to something I thought about only a few weeks ago: https://ethresear.ch/t/assumptionless-ethereum/14010/4. Should we try to resurrect this? |
|
This document is outdated; see #208 for current details.
Specification
If
block.number >= METROPOLIS_FORK_BLKNUM
, then:(0, 0, 0)
(ie.v = r = s = 0
), then treat it as valid and set the sender address to2**160 - 1
sha3(0 + init code) % 2**160
, where+
represents concatenation, replacing the earlier address formula ofsha3(rlp.encode([sender, nonce]))
0xfb
,CREATE_P2SH
, which sets the creation address tosha3(sender + init code) % 2**160
. If a contract at that address already exists, fails and returns 0 as if the init code had run out of gas.Rationale
The goal of these changes is to set the stage for abstraction of account security. Instead of having an in-protocol mechanism where ECDSA and the default nonce scheme are enshrined as the only "standard" way to secure an account, we take initial steps toward a model where in the long term all accounts are contracts, contracts can pay for gas, and users are free to define their own security model.
Under EIP 86, we can expect users to store their ether in contracts, whose code might look like the following (example in Serpent):
This can be thought of as a "forwarding contract". It accepts data from the "entry point" address 2**160 - 1 (an account that anyone can send transactions from), expecting that data to be in the format
[sig, nonce, to, value, gasprice, data]
. The forwarding contract verifies the signature, and if the signature is correct it sets up a payment to the miner and then sends a call to the desired address with the provided value and data.The benefits that this provides lie in the most interesting cases:
(2) and (3) introduce a feature similar to bitcoin's P2SH, allowing users to send funds to addresses that provably map to only one particular piece of code. Something like this is crucial in the long term because, in a world where all accounts are contracts, we need to preserve the ability to send to an account before that account exists on-chain, as that's a basic functionality that exists in all blockchain protocols today.
Miner strategy
Note that miners would need to have a strategy for accepting these transactions. This strategy would need to be very discriminating, because otherwise they run the risk of accepting transactions that do not pay them any fees, and possibly even transactions that have no effect (eg. because the transaction was already included and so the nonce is no longer current). One simple approach is to have a whitelist for the codehash of accounts that they accept transactions being sent to; approved code would include logic that pays miners transaction fees. However, this is arguably too restrictive; a looser but still effective strategy would be to accept any code that fits the same general format as the above, consuming only a limited amount of gas to perform nonce and signature checks and having a guarantee that transaction fees will be paid to the miner. Another strategy is to, alongside other approaches, try to process any transaction that asks for less than 250,000 gas, and include it only if the miner's balance is appropriately higher after executing the transaction than before it.
See https://www.reddit.com/r/ethereum/comments/5ab69v/metropolis_protocol_change_proposal_highlight_for/ for reddit discussion.
The text was updated successfully, but these errors were encountered: