From b5f2e0d829a7ed19382b4b93882ee746eec07696 Mon Sep 17 00:00:00 2001 From: RenanSouza2 Date: Mon, 20 Mar 2023 17:28:34 -0300 Subject: [PATCH 01/11] EIP contract collision --- EIPS/eip-creation_collision.md | 73 ++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 EIPS/eip-creation_collision.md diff --git a/EIPS/eip-creation_collision.md b/EIPS/eip-creation_collision.md new file mode 100644 index 0000000000000..2164ebf71b5fb --- /dev/null +++ b/EIPS/eip-creation_collision.md @@ -0,0 +1,73 @@ +--- +title: Revert creation in case of collision +description: Revert contract creation if address already has code +author: Renan Rodrigues de Souza (@RenanSouza2) +discussions-to: <--> +status: Draft +type: Standards Track +category: Core +created: 2023-03-20 +--- + +## Abstract + +There is no current definition to what happens when a contract creation happens in an address with code already deployed. This fix prevents an attack of deploying a contract code and later changing the code arbitrarily. + +## Motivation + +In EIP-3607 it was estimated that to create an address collision it would take something about 10 billion USD and this number decreases as computers processing power grow. + +## Specification + +In contract creation where `new contract address` has a `CODEHASH != EMPTYCODEHASH` MUST have its current environment execution reverted, where `EMPTYCODEHASH = 0xc5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470`. + +## Rationale + +One of the core tenants of smart contracts is it's code being guranteed not to change, with enougth computing power an attacker can change the code stored in an address to any other code allowing them to remove funds or transfer tokens. + +## Backwards Compatibility + +There is a very small possibility of this collision happening to contract cration by contracts. + +## Test Cases + +Given a genesis allocation of + +``` +Address : 0x5FbDB2315678afecb367f032d93F642f64180aa3, +Balance : 1000000000000000000, // 1 ether +Nonce : 0, +code : "", + +Address : 0x5FbDB2315678afecb367f032d93F642f64180aa3, +Balance : 0, +Nonce : 1, +Code : "0xB0B0FACE", +``` +A contract created in the first transaction from EOA `0x5FbDB2...` (`227bcc6959669226360814723ed739f1214201584b6a27409dfb8228b8be5f59`), with no salt, should revert. + + +## Reference Implementation + +The following check MUST be included in the function create function, MUST revert in case the check fails. + +``` +// During the execution of the create function Λ, defined in the yellow paper +// after computing the address of the new contract 'a' + +a ≡ ADDR(s, σ[s]n − 1, ζ, i) + +require(σ[a]c != EMPTYCODEHASH) +``` + +## Security Considerations + +This EIP is a security upgrade: it reinforces the imutability of a deployed code. + +## Copyright + +Copyright and related rights waived via [CC0](../LICENSE.md). + +## Citation + +Please cite this document as Renan Souza, "EIP-creation_collision: Revert creation in case of collision" From 101c4a638b8e11f8f28794bf17a02962f090780d Mon Sep 17 00:00:00 2001 From: RenanSouza2 Date: Mon, 20 Mar 2023 17:36:49 -0300 Subject: [PATCH 02/11] Update discussion link --- EIPS/eip-creation_collision.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/EIPS/eip-creation_collision.md b/EIPS/eip-creation_collision.md index 2164ebf71b5fb..a02a46fce7889 100644 --- a/EIPS/eip-creation_collision.md +++ b/EIPS/eip-creation_collision.md @@ -1,8 +1,9 @@ --- +eip: title: Revert creation in case of collision description: Revert contract creation if address already has code author: Renan Rodrigues de Souza (@RenanSouza2) -discussions-to: <--> +discussions-to: https://ethereum-magicians.org/t/eip-revert-on-address-collision/13442 status: Draft type: Standards Track category: Core From e9e37737d4a372b15f0cddfeceacc4c820207a9a Mon Sep 17 00:00:00 2001 From: RenanSouza2 Date: Tue, 21 Mar 2023 14:22:39 -0300 Subject: [PATCH 03/11] Grammar fix, EIP number --- EIPS/{eip-creation_collision.md => eip-6733.md} | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) rename EIPS/{eip-creation_collision.md => eip-6733.md} (80%) diff --git a/EIPS/eip-creation_collision.md b/EIPS/eip-6733.md similarity index 80% rename from EIPS/eip-creation_collision.md rename to EIPS/eip-6733.md index a02a46fce7889..f119ae5d8c2cc 100644 --- a/EIPS/eip-creation_collision.md +++ b/EIPS/eip-6733.md @@ -1,5 +1,5 @@ --- -eip: +eip: 6733 title: Revert creation in case of collision description: Revert contract creation if address already has code author: Renan Rodrigues de Souza (@RenanSouza2) @@ -12,7 +12,7 @@ created: 2023-03-20 ## Abstract -There is no current definition to what happens when a contract creation happens in an address with code already deployed. This fix prevents an attack of deploying a contract code and later changing the code arbitrarily. +There is no current definition to what happens when a contract creation happens in an address with code already deployed. This fix prevents an attack of deploying contract code and later changing the code arbitrarily. ## Motivation @@ -24,11 +24,11 @@ In contract creation where `new contract address` has a `CODEHASH != EMPTYCODEHA ## Rationale -One of the core tenants of smart contracts is it's code being guranteed not to change, with enougth computing power an attacker can change the code stored in an address to any other code allowing them to remove funds or transfer tokens. +One of the core tenants of smart contracts is its code being guaranteed not to change. With enougth computing power an attacker can change the code stored in an address to any other code, allowing them to remove funds or transfer tokens. ## Backwards Compatibility -There is a very small possibility of this collision happening to contract cration by contracts. +There is a very small possibility of this collision happening to contract creation by contracts. ## Test Cases @@ -71,4 +71,4 @@ Copyright and related rights waived via [CC0](../LICENSE.md). ## Citation -Please cite this document as Renan Souza, "EIP-creation_collision: Revert creation in case of collision" +Please cite this document as Renan Souza, "EIP-6733: Revert creation in case of collision" From ae89f0fa199e67cc1c9e3b4720e6efe052ed21b0 Mon Sep 17 00:00:00 2001 From: RenanSouza2 Date: Tue, 21 Mar 2023 14:33:24 -0300 Subject: [PATCH 04/11] linter fixes --- EIPS/eip-6733.md | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/EIPS/eip-6733.md b/EIPS/eip-6733.md index f119ae5d8c2cc..29663a81d1222 100644 --- a/EIPS/eip-6733.md +++ b/EIPS/eip-6733.md @@ -16,7 +16,7 @@ There is no current definition to what happens when a contract creation happens ## Motivation -In EIP-3607 it was estimated that to create an address collision it would take something about 10 billion USD and this number decreases as computers processing power grow. +In [EIP-3607](https://eips.ethereum.org/EIPS/eip-3607) it was estimated that to create an address collision it would take something about 10 billion USD and this number decreases as computers processing power grow. ## Specification @@ -45,6 +45,7 @@ Balance : 0, Nonce : 1, Code : "0xB0B0FACE", ``` + A contract created in the first transaction from EOA `0x5FbDB2...` (`227bcc6959669226360814723ed739f1214201584b6a27409dfb8228b8be5f59`), with no salt, should revert. @@ -68,7 +69,3 @@ This EIP is a security upgrade: it reinforces the imutability of a deployed code ## Copyright Copyright and related rights waived via [CC0](../LICENSE.md). - -## Citation - -Please cite this document as Renan Souza, "EIP-6733: Revert creation in case of collision" From bbe21bcd17593afa4b18fe8472020e621944360e Mon Sep 17 00:00:00 2001 From: RenanSouza2 Date: Tue, 21 Mar 2023 14:37:22 -0300 Subject: [PATCH 05/11] internal link fix --- EIPS/eip-6733.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/EIPS/eip-6733.md b/EIPS/eip-6733.md index 29663a81d1222..536553ff3656e 100644 --- a/EIPS/eip-6733.md +++ b/EIPS/eip-6733.md @@ -16,7 +16,7 @@ There is no current definition to what happens when a contract creation happens ## Motivation -In [EIP-3607](https://eips.ethereum.org/EIPS/eip-3607) it was estimated that to create an address collision it would take something about 10 billion USD and this number decreases as computers processing power grow. +In [EIP-3607](./eip-3607.md) it was estimated that to create an address collision it would take something about 10 billion USD and this number decreases as computers processing power grow. ## Specification From 572a7f6c710212605267f0538e524b2a2d5f8a61 Mon Sep 17 00:00:00 2001 From: RenanSouza2 Date: Wed, 22 Mar 2023 16:22:02 -0300 Subject: [PATCH 06/11] Inclusion of suggestions Test case address correction --- EIPS/eip-6733.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/EIPS/eip-6733.md b/EIPS/eip-6733.md index 536553ff3656e..72f7cc1ffdf94 100644 --- a/EIPS/eip-6733.md +++ b/EIPS/eip-6733.md @@ -16,26 +16,30 @@ There is no current definition to what happens when a contract creation happens ## Motivation -In [EIP-3607](./eip-3607.md) it was estimated that to create an address collision it would take something about 10 billion USD and this number decreases as computers processing power grow. +In [EIP-3607](./eip-3607.md) it was estimated to require 10 billion USD in computing power to create an address collision. This number decreases as computers become more efficient over time. ## Specification +The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 and RFC 8174. + In contract creation where `new contract address` has a `CODEHASH != EMPTYCODEHASH` MUST have its current environment execution reverted, where `EMPTYCODEHASH = 0xc5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470`. ## Rationale -One of the core tenants of smart contracts is its code being guaranteed not to change. With enougth computing power an attacker can change the code stored in an address to any other code, allowing them to remove funds or transfer tokens. +One of the core tenants of smart contracts is that its code will not change. However with sufficient computing power an attacker can change the code stored in an address to any other code, steal funds or execute other malicious activity. ## Backwards Compatibility There is a very small possibility of this collision happening to contract creation by contracts. +This is an execution layer upgrade, and so it requires a hard fork. + ## Test Cases Given a genesis allocation of ``` -Address : 0x5FbDB2315678afecb367f032d93F642f64180aa3, +Address : 0xd0bBEc6D2c628b7e2E6D5556daA14a5181b604C5, Balance : 1000000000000000000, // 1 ether Nonce : 0, code : "", @@ -46,7 +50,7 @@ Nonce : 1, Code : "0xB0B0FACE", ``` -A contract created in the first transaction from EOA `0x5FbDB2...` (`227bcc6959669226360814723ed739f1214201584b6a27409dfb8228b8be5f59`), with no salt, should revert. +A contract created in the first transaction from EOA `0xd0bBEc6...` (`227bcc6959669226360814723ed739f1214201584b6a27409dfb8228b8be5f59`), with no salt, should revert. ## Reference Implementation From 03136b8facdfd2b2cd74b283c2471c4a760aee97 Mon Sep 17 00:00:00 2001 From: RenanSouza2 Date: Wed, 22 Mar 2023 23:34:37 -0300 Subject: [PATCH 07/11] accept suggestions, address correction --- EIPS/eip-6733.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/EIPS/eip-6733.md b/EIPS/eip-6733.md index 72f7cc1ffdf94..ae402406082d5 100644 --- a/EIPS/eip-6733.md +++ b/EIPS/eip-6733.md @@ -22,7 +22,7 @@ In [EIP-3607](./eip-3607.md) it was estimated to require 10 billion USD in compu The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 and RFC 8174. -In contract creation where `new contract address` has a `CODEHASH != EMPTYCODEHASH` MUST have its current environment execution reverted, where `EMPTYCODEHASH = 0xc5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470`. +If a previously-existing account in the state trie would have its code modified by the the `CREATE` or `CREATE2` opcodes, or by transferring ether to the zero address, instead, the call or ether transfer MUST revert. The `CREATE` and `CREATE2` opcodes MUST cost an additional `100` gas. ## Rationale @@ -30,8 +30,6 @@ One of the core tenants of smart contracts is that its code will not change. How ## Backwards Compatibility -There is a very small possibility of this collision happening to contract creation by contracts. - This is an execution layer upgrade, and so it requires a hard fork. ## Test Cases From 8bc77531ea86ef24d98567f0bd43a39ad52adb33 Mon Sep 17 00:00:00 2001 From: RenanSouza2 Date: Fri, 24 Mar 2023 09:58:38 -0300 Subject: [PATCH 08/11] some changes --- EIPS/eip-6733.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/EIPS/eip-6733.md b/EIPS/eip-6733.md index ae402406082d5..bcc8fbd730d5c 100644 --- a/EIPS/eip-6733.md +++ b/EIPS/eip-6733.md @@ -22,7 +22,7 @@ In [EIP-3607](./eip-3607.md) it was estimated to require 10 billion USD in compu The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 and RFC 8174. -If a previously-existing account in the state trie would have its code modified by the the `CREATE` or `CREATE2` opcodes, or by transferring ether to the zero address, instead, the call or ether transfer MUST revert. The `CREATE` and `CREATE2` opcodes MUST cost an additional `100` gas. +If a previously-existing account in the state trie would have its code modified by the the `CREATE` or `CREATE2` opcodes, or by transferring ether to the address ∅ (contract deploy from EOA), instead, the call or ether transfer MUST revert. The `CREATE` and `CREATE2` opcodes MUST cost an additional `100` gas. ## Rationale From 6f7651e45201fe08135ae87e50e3a940a831f6f1 Mon Sep 17 00:00:00 2001 From: RenanSouza2 Date: Sun, 26 Mar 2023 20:16:41 -0300 Subject: [PATCH 09/11] second address correction --- EIPS/eip-6733.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/EIPS/eip-6733.md b/EIPS/eip-6733.md index bcc8fbd730d5c..3e1fcf3f86585 100644 --- a/EIPS/eip-6733.md +++ b/EIPS/eip-6733.md @@ -42,7 +42,7 @@ Balance : 1000000000000000000, // 1 ether Nonce : 0, code : "", -Address : 0x5FbDB2315678afecb367f032d93F642f64180aa3, +Address : 0x7658771dc6Af74a3d2F8499D349FF9c1a0DF8826, Balance : 0, Nonce : 1, Code : "0xB0B0FACE", From 3b480d66a9dde1c28fdb589a906fbaa1f9b38279 Mon Sep 17 00:00:00 2001 From: Gavin John Date: Sun, 26 Mar 2023 20:38:54 -0400 Subject: [PATCH 10/11] Update and rename eip-6733.md to eip-684.md --- EIPS/{eip-6733.md => eip-684.md} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename EIPS/{eip-6733.md => eip-684.md} (99%) diff --git a/EIPS/eip-6733.md b/EIPS/eip-684.md similarity index 99% rename from EIPS/eip-6733.md rename to EIPS/eip-684.md index 3e1fcf3f86585..4e59eec2d20be 100644 --- a/EIPS/eip-6733.md +++ b/EIPS/eip-684.md @@ -1,5 +1,5 @@ --- -eip: 6733 +eip: 684 title: Revert creation in case of collision description: Revert contract creation if address already has code author: Renan Rodrigues de Souza (@RenanSouza2) From a21727d64374284a0af56258dd5ddf04d67e8fc7 Mon Sep 17 00:00:00 2001 From: Gavin John Date: Sun, 26 Mar 2023 20:46:54 -0400 Subject: [PATCH 11/11] Update eip-684.md --- EIPS/eip-684.md | 28 +++++----------------------- 1 file changed, 5 insertions(+), 23 deletions(-) diff --git a/EIPS/eip-684.md b/EIPS/eip-684.md index 4e59eec2d20be..edd91ce05ccd1 100644 --- a/EIPS/eip-684.md +++ b/EIPS/eip-684.md @@ -2,9 +2,9 @@ eip: 684 title: Revert creation in case of collision description: Revert contract creation if address already has code -author: Renan Rodrigues de Souza (@RenanSouza2) +author: Vitalik Buterin (@vbuterin), Renan Rodrigues de Souza (@RenanSouza2) discussions-to: https://ethereum-magicians.org/t/eip-revert-on-address-collision/13442 -status: Draft +status: Final type: Standards Track category: Core created: 2023-03-20 @@ -12,17 +12,13 @@ created: 2023-03-20 ## Abstract -There is no current definition to what happens when a contract creation happens in an address with code already deployed. This fix prevents an attack of deploying contract code and later changing the code arbitrarily. - -## Motivation - -In [EIP-3607](./eip-3607.md) it was estimated to require 10 billion USD in computing power to create an address collision. This number decreases as computers become more efficient over time. +This EIP causes contract creation to throw an error when attemted at an address with pre-existing code. This prevents an attack consisting of deploying contract code and later changing the code arbitrarily by "creating" an account at that existing address. ## Specification The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 and RFC 8174. -If a previously-existing account in the state trie would have its code modified by the the `CREATE` or `CREATE2` opcodes, or by transferring ether to the address ∅ (contract deploy from EOA), instead, the call or ether transfer MUST revert. The `CREATE` and `CREATE2` opcodes MUST cost an additional `100` gas. +If a contract creation is attempted due to a creation transaction, the `CREATE` opcode, the `CREATE2` opcode, or any other reason, and the destination address already has either a nonzero nonce, or a nonzero code length, then the creation MUST throw as if the first byte in the init code were an invalid opcode. This change MUST apply retroactively for all existing blocks. ## Rationale @@ -50,23 +46,9 @@ Code : "0xB0B0FACE", A contract created in the first transaction from EOA `0xd0bBEc6...` (`227bcc6959669226360814723ed739f1214201584b6a27409dfb8228b8be5f59`), with no salt, should revert. - -## Reference Implementation - -The following check MUST be included in the function create function, MUST revert in case the check fails. - -``` -// During the execution of the create function Λ, defined in the yellow paper -// after computing the address of the new contract 'a' - -a ≡ ADDR(s, σ[s]n − 1, ζ, i) - -require(σ[a]c != EMPTYCODEHASH) -``` - ## Security Considerations -This EIP is a security upgrade: it reinforces the imutability of a deployed code. +This EIP is a security upgrade: it enforces the imutability of deployed code. ## Copyright