-
Notifications
You must be signed in to change notification settings - Fork 5.5k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add a `SET_INDESTRUCTIBLE (0xA8)` opcode that prevents the contract from calling `SELFDESTRUCT (0xFF)`.
- Loading branch information
Showing
1 changed file
with
48 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,48 @@ | ||
| --- | ||
| eip: 2937 | ||
| title: SET_INDESTRUCTIBLE opcode | ||
| author: Vitalik Buterin (@vbuterin) | ||
| discussions-to: https://ethereum-magicians.org/t/eip-2937-set-indestructible/4571 | ||
| status: Draft | ||
| type: Standards Track | ||
| category: Core | ||
| created: 2020-09-04 | ||
| --- | ||
|
|
||
| ## Simple Summary | ||
|
|
||
| Add a `SET_INDESTRUCTIBLE (0xA8)` opcode that prevents the contract from calling `SELFDESTRUCT (0xFF)`. | ||
|
|
||
| ## Abstract | ||
|
|
||
| ## Motivation | ||
|
|
||
| The intended use case would be for contracts to make their first byte of code be the `SET_INDESTRUCTIBLE` opcode if they wish to serve as libraries that guarantee to users that their code will exist unmodified forever. This is useful in account abstraction as well as other contexts. | ||
|
|
||
| Unlike EIPs that disable the `SELFDESTRUCT` opcode entirely, this EIP does not modify behavior of any existing contracts. | ||
|
|
||
| ## Specification | ||
|
|
||
| Add a transaction-wide global variable `globals.indestructible: Set[Address]` (i.e. a variable that operates the same way as the selfdestructs set), initialized to the empty set. | ||
|
|
||
| Add a `SET_INDESTRUCTIBLE` opcode at `0xA8`, with gas cost `G_base`, that adds the current `callee` to the `globals.indestructible` set. If in the current execution context the `callee` is in `globals.indestructible`, the `SELFDESTRUCT` opcode throws an exception. | ||
|
|
||
| ## Rationale | ||
|
|
||
| Alternative proposals to this include: | ||
|
|
||
| * Simply banning `SELFDESTRUCT` outright. This would be ideal, but has larger backwards compatibility issues. | ||
| * Using a local variable instead of a global variable. This is problematic because it would be broken by `DELEGATECALL`. | ||
|
|
||
| ## Backwards Compatibility | ||
|
|
||
| TBD | ||
|
|
||
| ## Security Considerations | ||
|
|
||
| This breaks forward compatibility with _some_ forms of state rent, which would simply delete contracts that get too old without paying some maintenance fee. However, this is not the case with all state size control schemes; for example this is not an issue if we use [ReGenesis](https://ledgerwatch.github.io/regenesis_plan.html). | ||
|
|
||
| If `SELFDESTRUCT` is ever removed in the future, this EIP would simply become a no-op. | ||
|
|
||
| ## Copyright | ||
| Copyright and related rights waived via [CC0](https://creativecommons.org/publicdomain/zero/1.0/). |