-
Notifications
You must be signed in to change notification settings - Fork 11.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ReentrancyGuard
with transient opcodes TSTORE
and TLOAD
#4205
Comments
Hello @pcaversaccio For the first part, this is definitely something I'd like to do when possible. The main issue I see is that this new opcode will not be available on some EVM network, so we'll need a solution for that. In any case, I think we will wait to see how the solidity language supports this feature. For the second part, I'm personally against it. Yes re-entrancy can lead to bugs, and being 100% safe against any form of re-entrancy (including read-only) re-entrancy is possibly difficult. But I would still qualify re-entrancy as a great feature for contract composability. IMO contract composability is possibly the most important feature of the EVM ecosystem. I fear that preventing re-entrancy by default would seriously limit composability. Also, I'm generally against any "forbid by default" approach. If a dev want to block re-entrancy in its app, then ok ... but we should not set that by default. I'd much rather see devs learn how to build re-entrant safety thatn learn that re-entrancy is disabled by the language. Additionally, I'm afraid what it will lead to: people writting entire contracts in yul directly to circumvent that restriction? Since 0.8.0 made safe-math by default, we see a lot of people advertising the use of unchecked in ways that affect the readability of the code. This trends is honestly driving me mad: |
Sure, my intent on this issue was not to immediately jump to a technical solution but to rather gather a discussion in one place. I think you raise a very important point on the differences within EVM implementations. I would go even further and claim that this discussion is not only about the transient opcodes right now, but generally about how OZ plans to deal with differences in the future. Just as another example, where a precompile breaks a common EVM assumption, is Moonbeam: Or another example is the behaviour of
I feel like those are all valid arguments. But I would like to share some proven facts from practice (at least my experience over the last 8 years or so):
I hope not :) - I honestly think that the |
My personal view on that (which is not OZ position) is that maybe those 5-10% of professionals should be the only one writting defi apps. I don't think "everyone should write smart contracts" like "everyone should write python scripts to help with taxes" or "everyone should write php to customize their personal wordpress". If the language decides to help the 90-95% its ok, as long as they don't make the work of the 5-10% more difficult to write and review. |
That is an interesting and necessary discussion that we don't really have so far. We worked on tooling to identify some key point of the VM behavior, in order to check our contract will behave as expected. This will possibly detect missing/modified features, but it won't identify new one (like the moonbeam precompile you mentioned). Its also unclear what we want to do with this information:
|
I guess there is no question that this is the ultimate goal.
Is that kind of tooling open-source?
Based on my experience, warnings are easily ignored. One solution could be to simply state in a disclaimer, that only fully EVM equivalent chains are supported (I drafted an EIP on the definition of this term here because I think it's very important to align here as a community, but unfortunately they closed it; I'm trying to push them to reconsider it again). But that solution might be too high-level and will be ignored by the folks that simply |
Another comment on EVM equivalence given the current circumstances: We are right now in a situation where there are numerous chains that do not support the latest EVM version |
It is a test suite rather than tooling, and it isn't really open source quality. One learning I can share is that it's more tough to deal with the "network level" specifics of a testnet than it is to deal with the EVM differences across networks (for now)! Regarding the point about EVM diverging, I share the concerns but I don't see anything that we can do for now rather than observing how PUSH0 adoption evolves. I also think that this issue about transient ReentrancyGuard is a little premature 🙂 but rest assured I also want to see that implemented. |
Can you quickly elaborate on what you exactly mean by the "network level specifics"? I.e. maybe challenges with the gossip protocol, state tries, signature verifications etc.? (and sorry for going off-topic here, since this issue is about the
Yeah, I was just thinking about it and wanted to drop my thoughts into an issue so we have a go-to source for this discussion. I mean I could also open another thread on FEM, but since it's implementation-specific I thought the OZ repo is appropriate 🙂. |
My man, yes. Concurrence is hard to grasp to begin with. We dont want to cater to everyone. Principled engineering is an attitude a a much as its experience and knowledge. If you are not serious to begin with go do something else. We want fanatics, no part time believers. |
🧐 Motivation
Since EIP-1153 is confirmed to be included in the upcoming Cancun-Deneb upgrade, I would like to discuss the possibility of using the future transient opcodes
TSTORE
andTLOAD
for theReentrancyGuard
(abstract) contract.Furthermore, I would like to highlight the initiatives (partially driven by myself), to disable reentrancy by default at the compiler level:
The text was updated successfully, but these errors were encountered: