From 58fc77b51457f174106c694d135031d11ac9eef6 Mon Sep 17 00:00:00 2001 From: Dankrad Feist Date: Thu, 3 Feb 2022 12:18:10 -0800 Subject: [PATCH 1/8] Deactivate selfdestruct initial commit --- EIPS/eip-4758.md | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 EIPS/eip-4758.md diff --git a/EIPS/eip-4758.md b/EIPS/eip-4758.md new file mode 100644 index 0000000000000..6771f5e893e82 --- /dev/null +++ b/EIPS/eip-4758.md @@ -0,0 +1,39 @@ +--- +eip: 4758 +title: Deactivate SELFDESTRUCT +description: Deactivate SELFDESTRUCT by changing it to SENDALL, which does recover all funds to the caller but does not delete any contract code or storage. +author: Guillaume Ballet (@gballet), Vitalik Buterin (@vbuterin), Dankrad Feist (@dankrad) +discussions-to: +status: Draft +type: Standards Track +category (*only required for Standards Track): Core +created: 2022-02-03 +requires (*optional): +--- + +# Deactivating SELFDESTRUCT + +## Summary + +This EIP renames the `SELFDESCRUCT` opcode to `SENDALL`, and replaces its functionality. The new functionality will be only to send all Ether in the account to the caller. + +## Motivation + +The `SELFDESTRUCT` opcode requires large changes to the state of an account, in particular removing all code and storage. This will not be possible in the future with Verkle trees: Each account will be stored in many different account keys, which will not be obviously connected to the root account (see [Verkle tree EIP](https://notes.ethereum.org/5HDhQXstTaKtVqVbS7S9yw)). + +This EIP implements this change. Applications that only use SELFDESTRUCT to retrieve funds will still work. + +## Specification + + * The `SELFDESTRUCT` opcode is renamed to `SENDALL`, and now only immediately moves all ETH in the account to the target; it no longer destroys code or storage or alters the nonce + * All refunds related to `SELFDESTRUCT` are removed + +## Rationale + +Getting rid of the `SELFDESTRUCT` opcode has been considered in the past (for arguments see [here](https://hackmd.io/@vbuterin/selfdestruct)), and there are currently no strong reasons to use it. Disabling it will be a requirement for statelessness. + +## Backward-Compatibility + +This EIP requires a hard fork, since it modifies consensus rules. + +Few applications are affected by this change. The only use that breaks is where a contract is re-created at the same address using `CREATE2` (after a `SELFDESTRUCT`). An analysis of the contracts where this happens has been made available [here](https://hackmd.io/@albus/rkAbjAsWF). The only application that is significantly affected (and where code can be analyzed) is able to switch to a different model, and should have ample time to do so. \ No newline at end of file From 686be81acd7717c7f87bcca6071ba55243240665 Mon Sep 17 00:00:00 2001 From: Dankrad Feist Date: Thu, 3 Feb 2022 12:28:35 -0800 Subject: [PATCH 2/8] Add discussions-to --- EIPS/eip-4758.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/EIPS/eip-4758.md b/EIPS/eip-4758.md index 6771f5e893e82..f1251cfae31b2 100644 --- a/EIPS/eip-4758.md +++ b/EIPS/eip-4758.md @@ -3,7 +3,7 @@ eip: 4758 title: Deactivate SELFDESTRUCT description: Deactivate SELFDESTRUCT by changing it to SENDALL, which does recover all funds to the caller but does not delete any contract code or storage. author: Guillaume Ballet (@gballet), Vitalik Buterin (@vbuterin), Dankrad Feist (@dankrad) -discussions-to: +discussions-to: https://github.com/ethereum/EIPs/issues/4759 status: Draft type: Standards Track category (*only required for Standards Track): Core From cc8cd8d86b7e0dfb541caf3a5396ab1687a46d93 Mon Sep 17 00:00:00 2001 From: Dankrad Feist Date: Thu, 3 Feb 2022 12:31:50 -0800 Subject: [PATCH 3/8] Remove erroneous brackets in category --- EIPS/eip-4758.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/EIPS/eip-4758.md b/EIPS/eip-4758.md index f1251cfae31b2..6b10800f91b28 100644 --- a/EIPS/eip-4758.md +++ b/EIPS/eip-4758.md @@ -6,9 +6,9 @@ author: Guillaume Ballet (@gballet), Vitalik Buterin (@vbuterin), Dankrad Feist discussions-to: https://github.com/ethereum/EIPs/issues/4759 status: Draft type: Standards Track -category (*only required for Standards Track): Core +category: Core created: 2022-02-03 -requires (*optional): +requires: --- # Deactivating SELFDESTRUCT From ef55cbe048876324b8036404c2cf7f655d1b5bff Mon Sep 17 00:00:00 2001 From: dankrad Date: Tue, 8 Feb 2022 15:24:32 -0800 Subject: [PATCH 4/8] Update EIPS/eip-4758.md Co-authored-by: Bolton Bailey --- EIPS/eip-4758.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/EIPS/eip-4758.md b/EIPS/eip-4758.md index 6b10800f91b28..5a011f6a2d484 100644 --- a/EIPS/eip-4758.md +++ b/EIPS/eip-4758.md @@ -15,7 +15,7 @@ requires: ## Summary -This EIP renames the `SELFDESCRUCT` opcode to `SENDALL`, and replaces its functionality. The new functionality will be only to send all Ether in the account to the caller. +This EIP renames the `SELFDESTRUCT` opcode to `SENDALL`, and replaces its functionality. The new functionality will be only to send all Ether in the account to the caller. ## Motivation From 5b5511c48c35cab2d8a7b58a749b034eb45d0e45 Mon Sep 17 00:00:00 2001 From: Dankrad Feist Date: Fri, 25 Mar 2022 10:03:20 +0000 Subject: [PATCH 5/8] Move discussion to Ethereum Magicians --- EIPS/eip-4758.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/EIPS/eip-4758.md b/EIPS/eip-4758.md index 5a011f6a2d484..c249b09e9e72e 100644 --- a/EIPS/eip-4758.md +++ b/EIPS/eip-4758.md @@ -3,7 +3,7 @@ eip: 4758 title: Deactivate SELFDESTRUCT description: Deactivate SELFDESTRUCT by changing it to SENDALL, which does recover all funds to the caller but does not delete any contract code or storage. author: Guillaume Ballet (@gballet), Vitalik Buterin (@vbuterin), Dankrad Feist (@dankrad) -discussions-to: https://github.com/ethereum/EIPs/issues/4759 +discussions-to: https://ethereum-magicians.org/t/eip-4758-deactivate-selfdestruct/8710 status: Draft type: Standards Track category: Core From c13051d4e4c03f1c7b73f085175462cab9273ac4 Mon Sep 17 00:00:00 2001 From: Dankrad Feist Date: Fri, 25 Mar 2022 15:07:35 +0000 Subject: [PATCH 6/8] Fix header, add security considerations and other fixes --- EIPS/eip-4758.md | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/EIPS/eip-4758.md b/EIPS/eip-4758.md index c249b09e9e72e..1160e0b78fc12 100644 --- a/EIPS/eip-4758.md +++ b/EIPS/eip-4758.md @@ -1,27 +1,24 @@ --- eip: 4758 title: Deactivate SELFDESTRUCT -description: Deactivate SELFDESTRUCT by changing it to SENDALL, which does recover all funds to the caller but does not delete any contract code or storage. +description: Deactivate SELFDESTRUCT by changing it to SENDALL, which does recover all funds to the caller but does not delete any code or storage. author: Guillaume Ballet (@gballet), Vitalik Buterin (@vbuterin), Dankrad Feist (@dankrad) discussions-to: https://ethereum-magicians.org/t/eip-4758-deactivate-selfdestruct/8710 status: Draft type: Standards Track category: Core created: 2022-02-03 -requires: --- -# Deactivating SELFDESTRUCT - -## Summary +## Abstract This EIP renames the `SELFDESTRUCT` opcode to `SENDALL`, and replaces its functionality. The new functionality will be only to send all Ether in the account to the caller. ## Motivation -The `SELFDESTRUCT` opcode requires large changes to the state of an account, in particular removing all code and storage. This will not be possible in the future with Verkle trees: Each account will be stored in many different account keys, which will not be obviously connected to the root account (see [Verkle tree EIP](https://notes.ethereum.org/5HDhQXstTaKtVqVbS7S9yw)). +The `SELFDESTRUCT` opcode requires large changes to the state of an account, in particular removing all code and storage. This will not be possible in the future with Verkle trees: Each account will be stored in many different account keys, which will not be obviously connected to the root account. -This EIP implements this change. Applications that only use SELFDESTRUCT to retrieve funds will still work. +This EIP implements this change. Applications that only use `SELFDESTRUCT` to retrieve funds will still work. ## Specification @@ -36,4 +33,17 @@ Getting rid of the `SELFDESTRUCT` opcode has been considered in the past (for ar This EIP requires a hard fork, since it modifies consensus rules. -Few applications are affected by this change. The only use that breaks is where a contract is re-created at the same address using `CREATE2` (after a `SELFDESTRUCT`). An analysis of the contracts where this happens has been made available [here](https://hackmd.io/@albus/rkAbjAsWF). The only application that is significantly affected (and where code can be analyzed) is able to switch to a different model, and should have ample time to do so. \ No newline at end of file +Few applications are affected by this change. The only use that breaks is where a contract is re-created at the same address using `CREATE2` (after a `SELFDESTRUCT`). + +## Security Considerations + +The following applications of `SELFDESTRUCT` will be broken and applications that use it in this way are not safe anymore: +1. Any use where `SELFDESTRUCT` is used to burn non-ETH token balances, such as ERC20, inside a contract. We do not know of any such use (since it can easily be done by sending to a burn address this seems an unlikely way to use `SELFDESTRUCT`) +2. Where `CREATE2` is used to redeploy a contract in the same place. There are two ways in which this can fail: + - The destruction prevents the contract from being used outside of a certain context. For example, the contract allows anyone to withdraw funds, but `SELFDESTRUCT` is used at the end of an operation to prevent others from doing this. This type of operation can easily be modified to not depend on `SELFDESTRUCT`. + - The `SELFDESTRUCT` operation is used in order to make a contract upgradable. This is not supported anymore and delegates should be used. + + +## Copyright + +Copyright and related rights waived via [CC0](https://creativecommons.org/publicdomain/zero/1.0/). From 939b4442ff34c34b8a9841a83892534dbeab623b Mon Sep 17 00:00:00 2001 From: Dankrad Feist Date: Fri, 25 Mar 2022 20:34:48 +0000 Subject: [PATCH 7/8] Fix typo --- EIPS/eip-4758.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/EIPS/eip-4758.md b/EIPS/eip-4758.md index 1160e0b78fc12..1a1e282cdfac7 100644 --- a/EIPS/eip-4758.md +++ b/EIPS/eip-4758.md @@ -29,7 +29,7 @@ This EIP implements this change. Applications that only use `SELFDESTRUCT` to re Getting rid of the `SELFDESTRUCT` opcode has been considered in the past (for arguments see [here](https://hackmd.io/@vbuterin/selfdestruct)), and there are currently no strong reasons to use it. Disabling it will be a requirement for statelessness. -## Backward-Compatibility +## Backward Compatibility This EIP requires a hard fork, since it modifies consensus rules. From 556948a2466dee7d2abd77a64a642be8dc7faa82 Mon Sep 17 00:00:00 2001 From: Dankrad Feist Date: Sat, 26 Mar 2022 09:07:50 +0000 Subject: [PATCH 8/8] Remove external link --- EIPS/eip-4758.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/EIPS/eip-4758.md b/EIPS/eip-4758.md index 1a1e282cdfac7..1a6e7768eeef1 100644 --- a/EIPS/eip-4758.md +++ b/EIPS/eip-4758.md @@ -27,7 +27,7 @@ This EIP implements this change. Applications that only use `SELFDESTRUCT` to re ## Rationale -Getting rid of the `SELFDESTRUCT` opcode has been considered in the past (for arguments see [here](https://hackmd.io/@vbuterin/selfdestruct)), and there are currently no strong reasons to use it. Disabling it will be a requirement for statelessness. +Getting rid of the `SELFDESTRUCT` opcode has been considered in the past, and there are currently no strong reasons to use it. Disabling it will be a requirement for statelessness. ## Backward Compatibility