-
Notifications
You must be signed in to change notification settings - Fork 5.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
EIP 101 (Serenity): Currency and Crypto Abstraction #28
Comments
What happens to contracts that use msg.value? Do they get automatically translated into the new abstraction? |
Yep, every feature that gets removed should be auto-translateable. However, note that this does require some care on the part of developers: particularly, anyone developing ethereum contracts now should use static jumps ONLY, not dynamic jumps (eg. |
I take it this could allow for "calling collect" with sophisticated enough miners? (i.e. you just ping some random contract and it will pay for its own execution at no cost to you.) That would be awesome, considering the amount of shenanigans it takes to do the equivalent currently. See also: paying gas/mana with non-ether currencies. Also, +1 for putting ether and subcoins on the same footing. I'm working on a simple contract (mostly for fun) to bridge that gap. |
what is the target time to include it? |
Exactly. The goal with the above recommended miner software implementation is that if the miner sees a proof that they will get paid within 50000 steps, then they just go ahead and do it, so you should not even need to pre-arrange much of anything. |
Serenity, ie. same time as Casper. |
i'm in favour of bringing it forward to homestead-era, in preparation for serenity. |
This is a huge benefit that makes everything worth it, in my opinion. |
indeed. |
I have a concern about contract creation under this model. Currently, two contracts may have identical code but extremely different data, but in this case they would have to be the same contract. Think of a modern contract with the "owner" modifier, or the standard metacoin that gives the creator a zillion gizmos. Once I create an owned contract with a given code, no one else can make an identical contract with them as the owner. I don't think hardcoding the owner's signature is a good alternative, as then how do you change owners? |
since we are down to code and storage in an account we could just put code in storage. For example store code at location |
@wanderer that is a good idea in principle, but it depends on the ability to store a single code chunk of arbitrary size in storage, which would be a separate EIP (that I would support as a serenity change). |
@vbuterin but we can store arbitrary sizes in the merkle tree. I'm saying the we just need one merkle tree and not a separate root for the storage. Now from within the EVM you don't have accesses to more than one word which is not that nice. But the execution environment has to load the code and give to the evm as it stand now anyways, so being able to access the code from within the EVM is a not big concern yet. |
Right, but it seems ugly to store code sequentially. Also, there are space efficiency reasons to have code be in one big chunk; that was the original reason to do it that way as I recall. |
i'm going to back on the idea of storing code at zero. We don't need that. Just store the codehash at the address. Then for storage just append the storage key to the address.
|
Code should not be stored in storage, it has to be immutable. |
its doesn't have to be immutable, but there is not many use case for mutable code yet. Interpreters that JIT often need mutable code. But we don't have interpreters running on ethereum yet :P. And it's easier to just store the code directly at address. |
@wanderer I hope that correctness and verifyability has a higher priority than speed, here. Interpreters that compile just in time also do not need mutable code. It is fine for them to call newly created code, and that works perfectly with |
My instinct at this point is to retain the "immutable code + mutable storage" dichotomy that we currently have. |
👍 putting ether on equal footing as other tokens |
I don't understand this. Doesn't |
Good point. But, as Vitalik pointed out, this would allow such a system to work easier. (Just set up your contract with the standard payment code and you're good.) Concern: What if a contract appears to be able to pay for its own gas, but at the last moment shoves the ether it has to another contract? The miner can immediately refuse to continue the transaction, but that doesn't refund the miner or cost the contract. I think a reasonable solution is for the miner to insure that the actual desired, and gas limited, call is right before the payment code, no matter what. |
So does this mean that |
Ah, sorry. It would exist as a precompile at address 3. BTW for everyone's curiosity, ECRECOVER has been implemented in Serpent already. It costs ~700k gas. |
What happens to gasprice? |
@vbuterin ah, so ECRECOVER for secp256k1 would be at address 3. Any plans on precompiling it for other curves (secp256r1, NIST P256, ed25519 etc)? |
Is there a chance to have a pre-compiled ed25519 signature check contract in the near future ? |
I have submitted an EIP pull request for the ed25519 addition: #665 |
@picostocks cool. |
Here are my comments on this blog post. This seems outdated according to the current yellow Paper version (equation 217), as it omits the gas limit after the gas price
Also for: |
~call(5000, 3, [h, ~calldataload(0), ~calldataload(32), ~calldataload(64)], 128, ref(addr), 32) There are other differences which makes things confusing.
txexecgas seems more like tx.gas.
I suggest changing the above line to: Going back to: |
Is there any chance to get a secp256r1 (aka prime256v1 or NIST P-256) pre-compiled signature verification? I believe there is a strong case for supporting this scheme, as it's the only one implemented natively in both Android's Trusted Execution Environment [1] and iOS' Secure Enclave [2]. This would allow for stronger security in the application layer for virtually all mobile wallet apps, and other third-party cryptographic hardware (as the NIST P-256 is the preferred standard of the hardware industry, rather than secp256k1). [1] https://source.android.com/security/keystore/implementer-ref |
I think there is a concern that the NIST curve could have a backdoor, as another NIST curve was found to have a backdoor. |
That's a hypothesis and I wouldn't discard it entirely. However, assuming that secp256r1 is not backdoored by design, we get to significantly strengthen the mobile wallet security against a wider array of attack vectors (from side channels to memory dumps) as the cryptographic operations would be performed inside a dedicated hardware processor. I believe the gains are outweighing the risks for this one. |
Sounds fair enough. I haven't done much research on this so it's hard to know for sure. |
Is there any update(s) on this as to when it will be implemented? |
@greggmojica : i guess i'ts gonna be difficult to have a date of implementation of this, as there's very few information about the implementation of EIP101. It's not even listed in the main page of the repo unfortunately. I'm also quite interested in being able to follow the steps of development of this EIP as it is a major step for Ethereum Ecosystem. |
@greggmojica @Asone discussion on this topic is continuing here https://ethresear.ch/t/tradeoffs-in-account-abstraction-proposals/263 |
@cdetrio : Thanks for pointing out ! Added to my favs. Can i suggest to add the EIP in readme.md and point out the link to the new discussion or should it stay completely outside of the readme ? This EIP is a major one, and even if far away of being implemented, easing users to find the new location will allow many to stay up to date about the discussion. Much datalove |
There has been no activity on this issue for two months. It will be closed in a week if no further activity occurs. If you would like to move this EIP forward, please respond to any outstanding feedback or add a comment indicating that you have addressed all required feedback and are ready for a review. |
This issue was closed due to inactivity. If you are still pursuing it, feel free to reopen it and respond to any feedback or request a review in a comment. |
Add caip122 namespace for SOL
Title
Specification
0
, we premine a contract which contains all ether holdings. Theeth.getBalance
command in web3 is remapped appropriately.msg.value
no longer exists as an opcode, and neither doestx.gasprice
tx.gas
opcode is added alongside the existingmsg.gas
at index0x5c
; this new opcode allows the transaction to access the original amount of gas allotted for the transactionNote that
ECRECOVER
, sequence number/nonce incrementing and ether are now nowhere in the bottom-level spec (NOTE: ether is going to continue to have a privileged role in Casper PoS). To replicate existing functionality under the new model, we do the following.Simple user accounts can have the following default standardized code:
This essentially implements signature and nonce checking, and if both checks pass then it uses all remaining gas minus 50000 to send the actual desired call, and then finally pays for gas.
Miners can follow the following algorithm upon receiving transactions:
msg.gas - 50000
as its gas limit parameter)This process ensures that miners waste at most 50000 gas before knowing whether or not it will be worth their while to include the transaction, and is also highly general so users can experiment with new cryptography (eg. ed25519, Lamport), ring signatures, quasi-native multisig, etc. Theoretically, one can even create an account for which the valid signature type is a valid Merkle branch of a receipt, creating a quasi-native alarm clock.
If someone wants to send a transaction with nonzero value, instead of the current
msg.sender
approach, we compile into a three step process:msg.value
opcode anywhere in the function that is being called, then we have the contract cash out the cheque at the start of the function call and store the amount cashed out in a standardized address in memoryRationale
This allows for a large increase in generality, particularly in a few areas:
It also substantially simplifies and purifies the underlying Ethereum protocol, reducing the minimal consensus implementation complexity.
Implementation
Coming soon.
The text was updated successfully, but these errors were encountered: