561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698 | @pytest.mark.valid_from("Cancun")
@pytest.mark.parametrize("value_bearing", [True, False])
def test_worst_selfdestruct_existing(
blockchain_test: BlockchainTestFiller,
fork: Fork,
pre: Alloc,
value_bearing: bool,
env: Environment,
gas_benchmark_value: int,
):
"""Test running a block with as many SELFDESTRUCTs as possible for existing contracts."""
attack_gas_limit = gas_benchmark_value
fee_recipient = pre.fund_eoa(amount=1)
# Template code that will be used to deploy a large number of contracts.
selfdestructable_contract_addr = pre.deploy_contract(code=Op.SELFDESTRUCT(Op.COINBASE))
initcode = Op.EXTCODECOPY(
address=selfdestructable_contract_addr,
dest_offset=0,
offset=0,
size=Op.EXTCODESIZE(selfdestructable_contract_addr),
) + Op.RETURN(0, Op.EXTCODESIZE(selfdestructable_contract_addr))
initcode_address = pre.deploy_contract(code=initcode)
# Calculate the number of contracts that can be deployed with the available gas.
gas_costs = fork.gas_costs()
intrinsic_gas_cost_calc = fork.transaction_intrinsic_cost_calculator()
loop_cost = (
gas_costs.G_KECCAK_256 # KECCAK static cost
+ math.ceil(85 / 32) * gas_costs.G_KECCAK_256_WORD # KECCAK dynamic cost for CREATE2
+ gas_costs.G_VERY_LOW * 3 # ~MSTOREs+ADDs
+ gas_costs.G_COLD_ACCOUNT_ACCESS # CALL to self-destructing contract
+ gas_costs.G_SELF_DESTRUCT
+ 63 # ~Gluing opcodes
)
final_storage_gas = (
gas_costs.G_STORAGE_RESET + gas_costs.G_COLD_SLOAD + (gas_costs.G_VERY_LOW * 2)
)
memory_expansion_cost = fork().memory_expansion_gas_calculator()(new_bytes=96)
base_costs = (
intrinsic_gas_cost_calc()
+ (gas_costs.G_VERY_LOW * 12) # 8 PUSHs + 4 MSTOREs
+ final_storage_gas
+ memory_expansion_cost
)
num_contracts = (attack_gas_limit - base_costs) // loop_cost
expected_benchmark_gas_used = num_contracts * loop_cost + base_costs
# Create a factory that deployes a new SELFDESTRUCT contract instance pre-funded depending on
# the value_bearing parameter. We use CREATE2 so the caller contract can easily reproduce
# the addresses in a loop for CALLs.
factory_code = (
Op.EXTCODECOPY(
address=initcode_address,
dest_offset=0,
offset=0,
size=Op.EXTCODESIZE(initcode_address),
)
+ Op.MSTORE(
0,
Op.CREATE2(
value=1 if value_bearing else 0,
offset=0,
size=Op.EXTCODESIZE(initcode_address),
salt=Op.SLOAD(0),
),
)
+ Op.SSTORE(0, Op.ADD(Op.SLOAD(0), 1))
+ Op.RETURN(0, 32)
)
required_balance = num_contracts if value_bearing else 0 # 1 wei per contract
factory_address = pre.deploy_contract(code=factory_code, balance=required_balance)
factory_caller_code = Op.CALLDATALOAD(0) + While(
body=Op.POP(Op.CALL(address=factory_address)),
condition=Op.PUSH1(1) + Op.SWAP1 + Op.SUB + Op.DUP1 + Op.ISZERO + Op.ISZERO,
)
factory_caller_address = pre.deploy_contract(code=factory_caller_code)
contracts_deployment_tx = Transaction(
to=factory_caller_address,
gas_limit=env.gas_limit,
data=Hash(num_contracts),
sender=pre.fund_eoa(),
)
code = (
# Setup memory for later CREATE2 address generation loop.
# 0xFF+[Address(20bytes)]+[seed(32bytes)]+[initcode keccak(32bytes)]
Op.MSTORE(0, factory_address)
+ Op.MSTORE8(32 - 20 - 1, 0xFF)
+ Op.MSTORE(32, 0)
+ Op.MSTORE(64, initcode.keccak256())
# Main loop
+ While(
body=Op.POP(Op.CALL(address=Op.SHA3(32 - 20 - 1, 85)))
+ Op.MSTORE(32, Op.ADD(Op.MLOAD(32), 1)),
# Only loop if we have enough gas to cover another iteration plus the
# final storage gas.
condition=Op.GT(Op.GAS, final_storage_gas + loop_cost),
)
+ Op.SSTORE(0, 42) # Done for successful tx execution assertion below.
)
assert len(code) <= fork.max_code_size()
# The 0 storage slot is initialize to avoid creation costs in SSTORE above.
code_addr = pre.deploy_contract(code=code, storage={0: 1})
opcode_tx = Transaction(
to=code_addr,
gas_limit=attack_gas_limit,
sender=pre.fund_eoa(),
)
post = {
factory_address: Account(storage={0: num_contracts}),
code_addr: Account(storage={0: 42}), # Check for successful execution.
}
deployed_contract_addresses = []
for i in range(num_contracts):
deployed_contract_address = compute_create2_address(
address=factory_address,
salt=i,
initcode=initcode,
)
post[deployed_contract_address] = Account(nonce=1)
deployed_contract_addresses.append(deployed_contract_address)
blockchain_test(
pre=pre,
post=post,
blocks=[
Block(txs=[contracts_deployment_tx]),
Block(txs=[opcode_tx], fee_recipient=fee_recipient),
],
exclude_full_post_state_in_output=True,
expected_benchmark_gas_used=expected_benchmark_gas_used,
)
|