Skip to content
This repository has been archived by the owner on Oct 28, 2021. It is now read-only.

EIP166 - replay protection via high-order bits of nonce #3620

Closed
wants to merge 6 commits into from
Closed

Conversation

gumb0
Copy link
Member

@gumb0 gumb0 commented Mar 6, 2017

#3617
ethereum/EIPs#166

  • Add check for CHAIN_ID in transaction validation for transactions in the block
  • Add the check for pending transactions
  • When checking against sender nonce, use only lower 64 bits of tx nonce
  • Creating nonce for eth.sendTransaction RPC call

@gumb0 gumb0 added this to the Metropolis milestone Mar 6, 2017
@gumb0
Copy link
Member Author

gumb0 commented Mar 6, 2017

Some tests from TransactionTests are failing now because metropolisForkBlock param is misspelled in libethashseal/genesis/*

@chfast
Copy link
Member

chfast commented Mar 7, 2017

Just a side question: is it possible to reject transactions with gas > 2^63-1 straight away when parsing?

@gumb0
Copy link
Member Author

gumb0 commented Mar 7, 2017

@chfast I think it's possible, since there're currently some checks in TransactionBase contructor (like checking signature validity and chainId encoded in v value)

@gumb0 gumb0 force-pushed the eip166 branch 3 times, most recently from 34c36ba to 0a3e302 Compare March 8, 2017 08:44
@codecov-io
Copy link

codecov-io commented Mar 8, 2017

Codecov Report

Merging #3620 into develop will increase coverage by 0.06%.
The diff coverage is 89.65%.

@@             Coverage Diff             @@
##           develop    #3620      +/-   ##
===========================================
+ Coverage       65%   65.06%   +0.06%     
===========================================
  Files          306      307       +1     
  Lines        21337    21390      +53     
===========================================
+ Hits         13870    13918      +48     
- Misses        7467     7472       +5
Impacted Files Coverage Δ
libethashseal/genesis/metropolisTest.cpp 100% <ø> (ø)
libethashseal/genesis/transitionnetTest.cpp 100% <ø> (ø)
libethashseal/genesis/homesteadTest.cpp 100% <ø> (ø)
libethereum/Transaction.h 81.81% <ø> (ø)
libethashseal/genesis/frontierTest.cpp 100% <ø> (ø)
libethashseal/genesis/mainNetwork.cpp 100% <ø> (ø)
libethcore/Transaction.h 62.96% <ø> (ø)
libethashseal/genesis/ropsten.cpp 100% <ø> (ø)
libethashseal/genesis/mainNetworkTest.cpp 100% <ø> (ø)
libethashseal/genesis/eip150Test.cpp 100% <ø> (ø)
... and 158 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 57b766c...ed90df0. Read the comment docs.

ts.nonce = max<u256>(postSeal().transactionsFrom(ts.from), m_tq.maxNonce(ts.from));
if (postSeal().info().number() >= bc().chainParams().u256Param("metropolisForkBlock"))
{
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

curving brace

// Unneeded as it's checked again in Executive. Keep it here since tests assume it's checked.
if (_ir & ImportRequirements::TransactionBasic && _t.baseGasRequired(evmSchedule(EnvInfo(_bi))) > _t.gas())
BOOST_THROW_EXCEPTION(OutOfGasIntrinsic());
if (_ir & ImportRequirements::TransactionBasic)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That function is called by the verifyBlock ,
but seems transactions that comes from onPeerTransaction get accepted and thus relayed even if the chainId is wrong.
Would it make sense to check for the replay protection also at the 'network' layer?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For unconfirmed transactions the check is in Executive.
(so they are checked when when we try to execute them and put into pending block)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can't check that on network level, because the check depends on which block the transaction will be put into
(depends on the block number)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So currently we propagate all the transactions with incorrect chainID-in-nonce (which is fine, since they are currently valid)
We can add the check for chainID-in-nonce to TransactionQueue::import() later after the Metropolis fork, then we'll stop to propagate them.

@@ -0,0 +1,5 @@
cmake_policy(SET CMP0015 NEW)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You don't know what this is about, do you? Remove it.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No idea, just copied from another dir 😆

@@ -0,0 +1,5 @@
cmake_policy(SET CMP0015 NEW)

aux_source_directory(. SRCS)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

file(GLOB SRCS "*.cpp").

_t.checkNonceChainId(nonceChainId);
}

// Unneeded as it's checked again in Executive. Keep it here since tests assume it's checked.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you add TODO: prefix for this comment.

namespace
{
int const c_chainIdInNonceBits = 64;
u256 const c_nonceLowMask = 0xffffffffffffffff;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm sure you can use primitive int type here, boost should have an overloading for it.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure it has, but it converts it to multiprecision internally anyway, so will we save anything?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We will save at least dynamic initialization of this global.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Buying it for additional initialization time for processing each transaction?
I'm not really convinced

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So I checked :) https://gist.github.com/chfast/dc7cfb070947f703e57c25dc3cbb79f7.

  • Both versions are very similar, they call eval_bitwise_... template function (big unrolled code in the middle).
  • u256 c_nonceLowMask does not require dynamic initialization. See _ZN12_GLOBAL__N_1L10lowMask256E.
  • The version with uint64_t is a bit better because does not require global constant loading.

That was not to prove you ware wrong, I was really curious. I would slightly prefer native type in the constant, but you can decide. Let me know.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So it inlines the int value in code instead of using variable?

Ok, there's little difference, I'll change it, int looks slightly nicer in code for me, too

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Global does not have to be created because it has local scope to linker namespace {}. Compiler usually produces code like mov -1 to reg0. The constant is included in the instruction itself.

@gumb0 gumb0 force-pushed the eip166 branch 2 times, most recently from 0a2cd31 to fa4f10c Compare March 16, 2017 14:13
@gumb0
Copy link
Member Author

gumb0 commented Mar 17, 2017

Rebased & review comments addressed

Copy link
Member

@chfast chfast left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Big thanks for the unit tests.

@chfast
Copy link
Member

chfast commented Apr 3, 2017

Is this ready to be merged?

@gumb0
Copy link
Member Author

gumb0 commented Apr 3, 2017

@chfast It is, but it's probably not going to be included in Metropolis, so we're not merging it yet, waiting for the final decision on which EIPs are included.

@gumb0 gumb0 removed the needs review label Apr 4, 2017
@pirapira
Copy link
Member

This EIP faded away.

@pirapira pirapira closed this Oct 16, 2017
@gumb0 gumb0 deleted the eip166 branch January 10, 2018 16:47
@gumb0 gumb0 restored the eip166 branch January 10, 2018 16:47
@chfast chfast deleted the eip166 branch April 9, 2018 21:28
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants