AA-173: Remove simulation and view-only methods from the EntryPoint contract

[forshtat]

No description provided.

[drortirosh]

why hex?

[forshtat]

The third parameter of simulateValidation is a transaction details object and is fed directly to the eth_call RPC method as {...tx}. It does not pass through the Ethers.js where gasLimit?: string | number | BigNumber; is translated into a hex gas field.

[drortirosh]

since anvil does support debug_traceCall, it is possible to write it better.
but this test is very partial.
should instead say:
for actual opcode and storage rule restrictions, see the reference bundler ValidationManager

[forshtat]

Added comment.

[drortirosh]

the one thing missing from simulateHandleOp (which is why we need this "Simulation" contract) is to return the actualGasUsed and success/revert reason of actual call.
they are dumped in an event deep inside innerHandleOp, and the only simple way to propagate them out to the calling "simulateHandleOp" is using storage - a big no-no for a real production code, but good enough for simulate function.

[drortirosh]

what is this for?

[forshtat]

Removed.

[drortirosh]

also, to fix the code-coverage, check the COVERAGE env. variable to skip the failed test

[drortirosh]

use callStatic, and no need for snapshot/revert

[forshtat]

Fixed.

[drortirosh]

why rename the method? leave the name "deployEntryPoint", and it would avoid a lot of source modifications...

[forshtat]

Fixed.

[drortirosh]

use callStatic, and no need for snapshot/revert

[forshtat]

Fixed.

[drortirosh]

better "merge" the 2 separate struct returns.

[forshtat]

Fixed.

[drortirosh]

internal

[forshtat]

Changed.

[drortirosh]

Comments by @yoavw :

A couple of questions:

1. I don't see any gas measurements in the EntryPointSimulations so I'm not sure I understand how it works. I understand it's now an eth_call rather than traceCall, so how are the different gas parameters passed to the caller?
2. Did everyone review it and look for redpill attacks? Let's all make sure there's no way to detect simulation due to this change.
3. In simulateHandleOp there are numberMarker() calls. I thought we removed tracing for this, and just use eth_call. Are these markers still used for something?
4. Part of our censorship resistance is that if bundlers are censoring a user, the user can always submit a single-op bundle directly. Does this method make it possible for wallets to estimate gas without a running a full bundler? Do public nodes allow the required state injection for this simulation method?
5. We to doc the new method in the EIP, and maybe also a separate doc about simulation to communicate the change to all bundler devs.

[drortirosh]

1. gas measurements: this PR is a first step: it moves the view functions into a separate contract, and remove the need for "Revert" structure, but otherwise, doesn't change their calculation. a separate PR should change simulateHandleOp so that it could return out the actualGasUsed and success (which are currently only emitted in a log)
2. @shahafn - please also review the code.
3. numberMarkers will go away, in a next PR (as explained above)
4. stateOverride is a parameter of eth_call, and do not require tracing (so in a way, this change actually makes it easier for wallets to estimate gas, since for actual callGasLimit, calculation they currently require traceCall - at least for estimating first UserOp, since you can "hack" if the account is already deployed
5. right. need to update the EIP to accomodate with this change. @forshtat ?

[shahafn]

There is one way that is a potential exploit:

The new approach means that there are two different EntryPoint contracts, one for simulation and one for execution.
This means that calls to the very same function (e.g. depositTo()) may have slightly different gas costs (by a diff of ~30 gas).
This depends on the code diff between EntryPoint and EntryPointSimulations, and it may also change between each modification we make to either of them.

In the case where EntryPointSimulations.depositTo() costs 30 gas less than EntryPoint.depositTo(), for instance, an account can call depositTo() during validation 20 times, amplifying the diff to 600 gas, then emit an event. This will pass in simulation since it's cheaper, but fail on actual EntryPoint.

A possible mitigation is to allow only one call to depositTo() during validation, but I think that with gas calculation precise enough, even 30 gas diff can be abused (e.g. through emitting events).

Wdyt?

[yoavw]

@shahafn , @drortirosh and I discussed this a couple of days ago and I believe the conclusion was that every function in EntryPointSimulations must take at least the same amount of gas as its EntryPoint implementation. If it's marginal, add an extra SSTORE and deduct this fixed cost from the reported gas cost. This way there are no cases where something results in OOG on chain after passing simulation successfully. We're ok if OOG happens during simulation - we just increase the gas limit. What we're trying to prevent is on-chain OOG.