HomeEIPs
EIPsEIP-2937
EIP-2937

SET_INDESTRUCTIBLE opcode

StagnantStandards Track: Core
Created: 2020-09-04
Vitalik Buterin (@vbuterin)
DiscussionsOriginal linkEdit
1 min read

EIP-2937 proposes the addition of a new opcode, SET_INDESTRUCTIBLE, to the Ethereum Virtual Machine (EVM) that prevents a contract from being destroyed using the SELFDESTRUCT opcode. This opcode is intended to be used by contracts that serve as libraries and want to guarantee to users that their code will exist unmodified forever. By making the first byte of code in a contract the SET_INDESTRUCTIBLE opcode, the contract can ensure that it cannot be destroyed, even if it is called by another contract that uses the SELFDESTRUCT opcode.

The proposal suggests adding a new transaction-wide global variable, globals.indestructible, which operates in the same way as the existing selfdestructs set, to keep track of contracts that have used the SET_INDESTRUCTIBLE opcode. This variable would be initialized to an empty set.

The proposal notes that alternative proposals to banning SELFDESTRUCT outright or using a local variable instead of a global variable have larger backwards compatibility issues or are problematic because they would be broken by DELEGATECALL.

The proposal acknowledges that this EIP breaks forward compatibility with some forms of state rent, which would delete contracts that get too old without paying a maintenance fee. However, this is not an issue with all state size control schemes, such as ReGenesis. If SELFDESTRUCT is ever removed in the future, this EIP would become a no-op.

Video
Anyone may contribute to propose contents.
Go propose
Original

Simple Summary

Add a SET_INDESTRUCTIBLE (0xA8) opcode that prevents the contract from calling SELFDESTRUCT (0xFF).

Abstract

Motivation

The intended use case would be for contracts to make their first byte of code be the SET_INDESTRUCTIBLE opcode if they wish to serve as libraries that guarantee to users that their code will exist unmodified forever. This is useful in account abstraction as well as other contexts.

Unlike EIPs that disable the SELFDESTRUCT opcode entirely, this EIP does not modify behavior of any existing contracts.

Specification

Add a transaction-wide global variable globals.indestructible: Set[Address] (i.e. a variable that operates the same way as the selfdestructs set), initialized to the empty set.

Add a SET_INDESTRUCTIBLE opcode at 0xA8, with gas cost G_base, that adds the current callee to the globals.indestructible set. If in the current execution context the callee is in globals.indestructible, the SELFDESTRUCT opcode throws an exception.

Rationale

Alternative proposals to this include:

  • Simply banning SELFDESTRUCT outright. This would be ideal, but has larger backwards compatibility issues.
  • Using a local variable instead of a global variable. This is problematic because it would be broken by DELEGATECALL.

Backwards Compatibility

TBD

Security Considerations

This breaks forward compatibility with some forms of state rent, which would simply delete contracts that get too old without paying some maintenance fee. However, this is not the case with all state size control schemes; for example this is not an issue if we use ReGenesis.

If SELFDESTRUCT is ever removed in the future, this EIP would simply become a no-op.

Copyright and related rights waived via CC0.

Further reading
Anyone may contribute to propose contents.
Go propose
Adopted by projects
Anyone may contribute to propose contents.
Go propose

Not miss a beat of EIPs' update?

Subscribe EIPs Fun to receive the latest updates of EIPs Good for Buidlers to follow up.

View all
Serve Ethereum Builders, Scale the Community.
Resources
GitHub
Community
Supported by
ETHPanda
LXDAO