EIP-2936: EXTCLEAR Opcode For SELFDESTRUCTed contracts
| 作者 | William Morriss |
|---|---|
| 讨论-To | https://ethereum-magicians.org/t/eip-2936-extclear-for-selfdestruct/4569 |
| 状态 | Stagnant |
| 类型 | Standards Track |
| 分类 | Core |
| 创建日期 | 2020-09-03 |
| 英文版 | https://eips.ethereum.org/EIPS/eip-2936 |
目录
简述
Enable new opcode to clear storage for SELFDESTRUCTEDed contracts.
Abstract
Changes SELFDESTRUCT (0xff) to not clear any storage and adds a new EXTCLEAR (0x5c) opcode that will clear a specific storage slot for a contract that has previously been self destructed.
Motivation
SELFDESTRUCT (0xFF) is unnecessarily complex because it clears an unbounded amount of contract storage. It is computationally expensive for nodes to track all of the storage used in every contract in case the contract SELFDESTRUCTs. Further, contracts can be re-initialized using CREATE2 (0xF5), and then SLOAD (0x54) prior storage. Therefore, several ethereum clients do not clear storage at all, and just check if the contract was initiated since SSTORE (0x55) during SLOAD. CREATE2 was not intended to complicate SLOAD, and this change reverts that complexity. Also, bugs in this implementation could split the network.
Instead this defers the time of storage cleanup, and leaves the storage in-place, which reduces the complexity of SLOAD and SELFDESTRUCT.
This empowers the CREATE2 reincarnation proxy pattern by retaining storage during upgrade, which would otherwise have to be reset again. An atomic reincarnation upgrade could clear a subset of storage during the upgrade, while the contract is destroyed, before reinstating it.
Specification
After FORK_BLOCK_NUM, a new opcode, EXTCLEAR, is enabled at 0x5C to clear storage for SELFDESTRUCTed contracts. EXTCLEAR:
- does not push any words onto the stack
- pops two words off the stack: the destroyed contract address and a storage address
- if the contract exists, charge the same gas cost as
EXTCODEHASH(0x3F) - otherwise, if the storage is zero, charge the same gas as
EXTCODEHASHplusSLOAD - otherwise, the destroyed contract’s slot is reset to 0, charging the same gas as
EXTCODEHASHandSSTOREwhen resetting storage, while also refunding the amount specified inSSTORE.
SELFDESTRUCT is modified to not clear contract storage. This change also works retroactively: all prior destroyed contracts can be cleaned up.
Rationale
0x5C is available in the same range as SSTORE and SLOAD.
向后兼容性
A reincarnation upgrade mechanism that expects all internal storage to be cleared might break, but such an upgrade mechanism would allow adaptation to this new behavior.
测试用例
TODO
Implementation
Implementation is required on all major clients to add the opcode.
Security Considerations
A reincarnated contract that does not expect its state to be cleared by malicious actors SHOULD reinitialize itself to avoid antagonistic EXTCLEAR.
Copyright
Copyright and related rights waived via CC0.
参考文献
Please cite this document as:
William Morriss, "EIP-2936: EXTCLEAR Opcode For SELFDESTRUCTed contracts [DRAFT]," Ethereum Improvement Proposals, no. 2936, September 2020. [Online serial]. Available: https://eips.ethereum.org/EIPS/eip-2936.