EIP-2936: EXTCLEAR Opcode For SELFDESTRUCTed contracts
作者 | William Morriss |
---|---|
讨论-To | https://ethereum-magicians.org/t/eip-2936-extclear-for-selfdestruct/4569 |
状态 | Stagnant |
类型 | Standards Track |
分类 | Core |
创建日期 | 2020-09-03 |
英文版 | https://eips.ethereum.org/EIPS/eip-2936 |
目录
简述
Enable new opcode to clear storage for SELFDESTRUCTED
ed contracts.
Abstract
Changes SELFDESTRUCT
(0xff
) to not clear any storage and adds a new EXTCLEAR
(0x5c
) opcode that will clear a specific storage slot for a contract that has previously been self destructed.
Motivation
SELFDESTRUCT
(0xFF
) is unnecessarily complex because it clears an unbounded amount of contract storage. It is computationally expensive for nodes to track all of the storage used in every contract in case the contract SELFDESTRUCT
s. Further, contracts can be re-initialized using CREATE2
(0xF5
), and then SLOAD
(0x54
) prior storage. Therefore, several ethereum clients do not clear storage at all, and just check if the contract was initiated since SSTORE
(0x55
) during SLOAD
. CREATE2
was not intended to complicate SLOAD
, and this change reverts that complexity. Also, bugs in this implementation could split the network.
Instead this defers the time of storage cleanup, and leaves the storage in-place, which reduces the complexity of SLOAD
and SELFDESTRUCT
.
This empowers the CREATE2
reincarnation proxy pattern by retaining storage during upgrade, which would otherwise have to be reset again. An atomic reincarnation upgrade could clear a subset of storage during the upgrade, while the contract is destroyed, before reinstating it.
Specification
After FORK_BLOCK_NUM
, a new opcode, EXTCLEAR
, is enabled at 0x5C
to clear storage for SELFDESTRUCT
ed contracts. EXTCLEAR
:
- does not push any words onto the stack
- pops two words off the stack: the destroyed contract address and a storage address
- if the contract exists, charge the same gas cost as
EXTCODEHASH
(0x3F
) - otherwise, if the storage is zero, charge the same gas as
EXTCODEHASH
plusSLOAD
- otherwise, the destroyed contract’s slot is reset to 0, charging the same gas as
EXTCODEHASH
andSSTORE
when resetting storage, while also refunding the amount specified inSSTORE
.
SELFDESTRUCT
is modified to not clear contract storage. This change also works retroactively: all prior destroyed contracts can be cleaned up.
Rationale
0x5C
is available in the same range as SSTORE
and SLOAD
.
向后兼容性
A reincarnation upgrade mechanism that expects all internal storage to be cleared might break, but such an upgrade mechanism would allow adaptation to this new behavior.
测试用例
TODO
Implementation
Implementation is required on all major clients to add the opcode.
Security Considerations
A reincarnated contract that does not expect its state to be cleared by malicious actors SHOULD reinitialize itself to avoid antagonistic EXTCLEAR
.
Copyright
Copyright and related rights waived via CC0.
参考文献
Please cite this document as:
William Morriss, "EIP-2936: EXTCLEAR Opcode For SELFDESTRUCTed contracts [DRAFT]," Ethereum Improvement Proposals, no. 2936, September 2020. [Online serial]. Available: https://eips.ethereum.org/EIPS/eip-2936.