-
Notifications
You must be signed in to change notification settings - Fork 5.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update EIP-2935: bring up to date with sys contract impl #9144
base: master
Are you sure you want to change the base?
Conversation
File
|
| `HISTORY_STORAGE_ADDRESS` | `0x0aae40965e6800cd9b1f4b05ff21581047e3f91e`| | ||
| `FORK_TIMESTAMP` | TBD | | ||
| `BLOCKHASH_SERVE_WINDOW` | `256` | | ||
| `HISTORY_SERVE_WINDOW` | `8192` | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
| `HISTORY_SERVE_WINDOW` | `8192` | | |
| `HISTORY_SERVE_WINDOW` | `8191` | |
Update according to PR description, but I have not verified this value.
* If calldata is bigger than 2^64-1, revert. | ||
* For any output outside the range of [block.number-`HISTORY_SERVE_WINDOW`, block.number-1] return 0. | ||
* If calldata is not 32 bytes, revert. | ||
* For any request outside the range of [block.number-`HISTORY_SERVE_WINDOW`, block.number-1], revert. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is not the current BLOCKHASH (with window 256) behavior so we are actually diverging from the behavior ?
@@ -234,6 +202,12 @@ def process_block_hash_history(block: Block, state: State): | |||
|
|||
The first option is recommended until the Verkle fork, to stay consistent with [EIP-4788](./eip-4788.md) and to issues for misconfigured networks where this EIP is activated but history contract hasn't been deployed. The recommendation may be reconsidered at the Verkle fork if filtering the system contract code chunks is deemed too complex. | |||
|
|||
### Size of ring buffers | |||
|
|||
The ring buffer data structure is sized to hold 8191 hashes. In other system contracts a prime ring buffer size is chosen in because using a prime as the modulus ensures that no value is overwritten until the entire ring buffer has been saturated and thereafter, each value will be updated once per iteration, regardless of if some slot are missing or the slot time changes. However, in this EIP the block number is the value in the modulo operation and it only ever increases by 1 each iteration. Which means we can be confident that the ring buffer will always remain saturated. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The ring buffer data structure is sized to hold 8191 hashes. In other system contracts a prime ring buffer size is chosen in because using a prime as the modulus ensures that no value is overwritten until the entire ring buffer has been saturated and thereafter, each value will be updated once per iteration, regardless of if some slot are missing or the slot time changes. However, in this EIP the block number is the value in the modulo operation and it only ever increases by 1 each iteration. Which means we can be confident that the ring buffer will always remain saturated. | |
The ring buffer data structure is sized to hold 8191 hashes. In other system contracts a prime ring buffer size is chosen in because using a prime modulus ensures that the entire ring buffer gets saturated. However, in this EIP the block number only ever increases by 1 each iteration fully saturating the buffer before wrapping around. |
|
||
The ring buffer data structure is sized to hold 8191 hashes. In other system contracts a prime ring buffer size is chosen in because using a prime as the modulus ensures that no value is overwritten until the entire ring buffer has been saturated and thereafter, each value will be updated once per iteration, regardless of if some slot are missing or the slot time changes. However, in this EIP the block number is the value in the modulo operation and it only ever increases by 1 each iteration. Which means we can be confident that the ring buffer will always remain saturated. | ||
|
||
For consistency with other system contracts, we have decided to retain the buffer size of 8191. Given the current mainnet values, 8191 roots provides about a day of coverage. This also gives users plenty of time to make a transaction with a verification against a specific hash and get the transaction included on-chain. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For consistency with other system contracts, we have decided to retain the buffer size of 8191. Given the current mainnet values, 8191 roots provides about a day of coverage. This also gives users plenty of time to make a transaction with a verification against a specific hash and get the transaction included on-chain. | |
However for consistency with other system contracts, we have decided to retain the buffer size of 8191. Given the current mainnet values, 8191 roots provides about a day of coverage. This also gives users plenty of time to make a transaction with a verification against a specific hash and get the transaction included on-chain. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@lightclient could you please share a link to the audit? We're especially interested in figuring out the REVERT
on out-of-bounds part.
The behavior of returning 0 was initially intended, as there was no ring buffer in initial versions of the spec, and any request for a block hash before the fork was to be 0. The size of the ring buffer might be extended in the future (especially if the block time changes). Now, this is not a big deal per se, as executing the system contract's bytecode becomes "legacy" with eip-7709. Still, it'd be nice to know why an out-of-bounds read returning 0 is a security problem in this particular case.
|
||
// 0x57: set op - sstore the input to number-1 mod 8192 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
any reason for removing the comments ?
This makes a few updates based on audits of system contract code here: https://github.com/lightclient/sys-asm/blob/main/src/execution_hash/main.eas
get
input to be 32 bytes