EXTSLOAD opcode
EIP-2330 proposes the addition of a new opcode called EXTSLOAD to the Ethereum Virtual Machine (EVM). This opcode allows a contract to read the storage of another contract, which breaks the traditional object-oriented model used in smart contracts. However, this change can make smart contract systems more efficient and prevent misconceptions about private variables. The proposal is fully backwards compatible and should not pose any security issues. The motivation behind this proposal is to address the under-pricing of opcodes that read the state tree, which can be used for denial-of-service attacks. The EXTSLOAD opcode adds a flat penalty of 300 gas on top of the costs calculated in a table to account for the cost of loading the code. The goal is to target a limit of 8 MB of data that needs to be read in order to process a block and include an estimate of 500 bytes for a Merkle proof for SLOAD and 1000 for an account. Overall, the proposal aims to increase the cost of storage reading opcodes to mitigate the risk of transaction spam and improve network performance.
Video
Original
Abstract
This proposal adds a new opcode EXTSLOAD at 0x5c which pops two items from the stack: <account address> <storage key> and pushes one item: <storage value>. The gas cost is sum of account access cost and storage read based on EIP-2929 Access Lists.
Motivation
While any off-chain application can read all contract storage data of all contracts, this is not possible for deployed smart contracts themselves. These are bound to use contract calls for any interaction including reading data from other contracts. This EIP adds an EVM opcode to directly read external contract storage.
The gas cost when reading from registry style contract such as EIP-20s, ENS and other data contracts is very high, because they incur cross contract call cost, cost for ABI encoding, decoding and dispatching and finally loading the data. In many cases the underlying storage that is being queried is though just a simple mapping. On top of that, the view function may SLOAD many other slots which caller may not be interested in, which further adds to the gas costs. In these cases a new EXTSLOAD call directly accessing the mapping in storage could not only reduce the gas cost of the interaction more than 10x, but also it would make the gas cost predictable for the reading contract.
Specification
A new EVM instruction EXTSLOAD (0x5c) that works like SLOAD (0x54) but an additional parameter representing the contract that is to be read from.
EXTSLOAD (0x5c)
The EXTSLOAD instruction pops 2 values from the stack, first contract a contract address and then second slot a storage address within contract. As result EXTSLOAD pushes on the stack the value from the contract storage of contract at the storage slot address or 0 in case the account contract does not exist.
Gas cost pre-verkle
Gas to be charged before Verkle Tree change is specified as ACCOUNT_ACCESS_COST + STORAGE_READ_COST where:
ACCOUNT_ACCESS_COSTis0if the account address is already inaccessed_addressesset, otherwiseCOLD_ACCOUNT_ACCESS_COST.STORAGE_READ_COSTisWARM_STORAGE_READ_COSTif storage key is already inaccessed_storage_keysset, otherwiseCOLD_STORAGE_READ_COST.
Gas cost post-verkle
It is important to consider that post Verkle tree change, ACCOUNT_ACCESS_COST will not be needed since a single account's storage would be spread across the entire global trie. Hence gas to be charged post Verkle Tree change is just STORAGE_READ_COST, which is as specified in Gas cost pre-verkle.
Rationale
- Without this EIP, a contract can still opt-in to make their entire state public, by having a method that simply SLOADs and returns the values (example). The complexity of the gas cost can be seen as
1x CALL cost +Nx SLOAD cost. Hence, the gas cost specified for using EXTSLOAD opcode on an account forNtimes, the charge of1xCOLD_ACCOUNT_ACCESS_COSTandNxSTORAGE_READ_COSTis hereby justified. - Without this EIP, a contract can still use internal state of other contracts. An external party can supply a value and proof to a contract, which the contract can verify using
BLOCKHASH. This is only possible for the previous blocks and not the latest state (since current blockhash cannot be determined before execution). - This opcode can be seen as breaking object-oriented (OO) model because it allows to read storage of other contracts. In usual systems using OO is net positive, because there is no limit on machine code and it hardly adds any cost to add more methods or use single method to get a ton of data while the caller needs to just a small portion of data. However on EVM, there are visible costs, i.e. about $0.2 per SLOAD (20 gwei and ETHUSD 2000). Also, OO has caused misleading assumptions for developers where variables marked as "private" in smart contracts are encrypted in some way/impossible to read which has resulted bad designs. Hence, this EIP can be beneficial in terms of making smart contract systems more efficient as well as preventing misconceptions as well.
Backwards Compatibility
This change is fully backwards compatible since it adds a new instruction.
Security Considerations
- Since the opcode is similar to SLOAD, it should be easy to implement in various clients.
- This opcode allows the callee
Ato re-enter a caller contractBand read state ofBandBcannot stopAfrom doing that. Since this does not change any state, it should not be a security issue. Contracts generally use re-entrancy guards, but that is only added to write methods. So even currently without EXTSLOAD,Acan re-enterBand read their state exposed by any view methods and it has not been an issue.
Copyright
Copyright and related rights waived via CC0.
Not miss a beat of EIPs' update?
Subscribe EIPs Fun to receive the latest updates of EIPs Good for Buidlers to follow up.
View all