HomeEIPs
EIPsEIP-2677
EIP-2677

Limit size of `initcode`

WithdrawnStandards Track: Core
Created: 2020-05-18
Martin Holst Swende (@holiman), Paweł Bylica (@chfast), Alex Beregszaszi (@axic)
DiscussionsOriginal linkEdit
1 min read

The EIP-2677 proposal introduces a maximum size limit for initcode in Ethereum, set at 49152 bytes. Additionally, it charges 2 gas for every 32-byte chunk of initcode to represent the cost of jumpdest-analysis. This is intended to increase the robustness of clients and prevent attacks based on jumpdest-analysis or hashing of code.

Video
Anyone may contribute to propose contents.
Go propose
Original

Simple Summary

Enforce a maximum size limit (max_initcode_size) of 49152 (0xc000) for initcode.

Abstract

Enforce a maximum size limit (max_initcode_size) for initcode. If the size of initcode exceeds max_initcode_size, then contract creation fails with an out of gas error.

Since EIP-170 was implemented, there has been a size limit of 24576 (0x6000) on contract code. We propose to also limit the size of executable code to 2x the above limit, i.e. 49152 (0xc000).

This also leads to two nice properties:

  • instruction offset in code fits 16-bit value,
  • code size fits 16-bit value.

Motivation

When a client executes initcode, the client has to perform a jumpdest analysis. In some cases, the client also performs a hash of the code:

  • To use as a key in a mapping containing result of a jumpdest analysis
  • To use for address calculation within CREATE2.

The work performed during a jumpdest analysis scales linearly with the size of the code. Currently, a transaction can expand the memory once, and reuse the same memory segment (with minor modifications) to force the client to perform a lot of analysis/hashing, leading to slow block processing.

Historically, this was exploited in June 2017, precipitating the 1.6.5-patch release of geth

The work performed during address calculation within CREATE2 is charged in proportion with size of the code.

Specification

There are three situations where this is applicable:

  • CREATE,
  • CREATE2,
  • creation using a transaction with empty receiver.

In all these (and future) cases, the EVM should fail with Out Of Gas error if the code has a length more than max_initcode_size.

Rationale

TBA

Backwards Compatibility

This EIP requires a "network upgrade", since it modifies consenus-rules.

Security Considerations

For client implementations, this EIP makes attacks based on jumpdest-analysis or hashing of code less problematic, so should increase the robustness of clients.

For layer 2, this EIP introduces failure-modes where there previously were none. There could exist factory-contracts which deploy multi-level contract hierarchies, such that the code for multiple contracts are included in the initcode of the first contract. The author(s) of this EIP are not aware of any such contracts.

Test Cases

Test cases should include the following cases,

  • CREATE/CREATE2/tx create with initcode_size at max_initcode_size
  • CREATE/CREATE2/tx create with initcode_size at max_initcode_size+1

Implementation

TBA

Copyright and related rights waived via CC0.

Further reading
Anyone may contribute to propose contents.
Go propose
Adopted by projects
Anyone may contribute to propose contents.
Go propose

Not miss a beat of EIPs' update?

Subscribe EIPs Fun to receive the latest updates of EIPs Good for Buidlers to follow up.

View all
Serve Ethereum Builders, Scale the Community.
Resources
GitHub
Community
Supported by
ETHPanda
LXDAO