PAY opcode
相关视频
正文
Abstract
This EIP introduces a new opcode, PAY
, taking two stack parameters, addr
and val
, that transfers val
wei to the address addr
without calling any of its functions.
Motivation
Currently, to send ether to an address requires you to call into that address, which transfers execution context to that address, which creates several issues:
- First of all, it opens a reentrancy attack vector, as the recipient can call back into the sender. More generally, the recipient can unilaterally execute arbitrary state changes, limited only by the gas stipend, which is not desirable from the point of view of the sender.
- Secondly, it opens a DoS vector. Contracts which want to send ether must be cognizant of the possibility that the recipient will run out of gas or revert.
- Finally, the
CALL
opcode is needlessly expensive for simple ether transfers, as it requires the memory and stack to be expanded, the recipient's full data including code and memory to be loaded, and finally needs to execute a call, which might do other unintentional operations. Having a dedicated opcode for ether transfers solves all of these issues, and would be a useful addition to the EVM.
Specification
Constants
Constant | Definition |
---|---|
WARM_STORAGE_READ_COST | EIP-2929 |
COLD_ACCOUNT_ACCESS_COST | EIP-2929 |
GAS_NEW_ACCOUNT | EELS |
GAS_CALL_VALUE | EELS |
Behavior
A new opcode is introduced: PAY
(0xf9
), which:
- Pops two values from the stack:
addr
thenval
. - Transfers
val
wei from the current target address to the addressaddr
. - Marks
addr
as warm (addingaddr
toaccessed_addresses
.)
Gas Cost
The gas cost for PAY
is the sum of the following:
- Is
addr
inaccessed_addresses
?- If yes,
WARM_STORAGE_READ_COST
; - Otherwise,
COLD_ACCOUNT_ACCESS_COST
.
- If yes,
- Does
addr
exist or isval
zero?- If yes to either, zero;
- Otherwise,
GAS_NEW_ACCOUNT
.
- Is
val
zero?- If yes, zero;
- Otherwise,
GAS_CALL_VALUE
.
PAY
cannot be implemented on networks with empty accounts (see EIP-7523.)
Rationale
Argument order
The order of arguments mimics that of CALL
, which pops addr
before val
. Beyond consistency, though, this ordering aids validators pattern-matching MEV opportunities, so PAY
always appears immediately after COINBASE
.
Backwards Compatibility
This change requires a hard fork.
Security Considerations
Existing contracts should not rely on their balance being under their control, since it is already possible to send ether to an address without calling it, by creating a temporary contract and immediately SELFDESTRUCT
ing it, sending the ether to an arbitrary address. However, this opcode does make this process cheaper for already-vulnerable contracts.
Copyright
Copyright and related rights waived via CC0.