You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@@ -31,7 +31,7 @@ There is a lot of interest in adding short-term functionality improvements to EO
31
31
| ------------------------ | ------- |
32
32
|`SET_CODE_TX_TYPE`|`0x04`|
33
33
|`MAGIC`|`0x05`|
34
-
|`PER_AUTH_BASE_COST`|`2500`|
34
+
|`PER_AUTH_BASE_COST`|`15000`|
35
35
|`PER_EMPTY_ACCOUNT_COST`|`25000`|
36
36
37
37
### Set Code Transaction
@@ -52,10 +52,10 @@ The transaction is also considered invalid when any field in an authorization
52
52
tuple cannot fit within the following bounds:
53
53
54
54
```python
55
-
assert auth.chain_id <2**256
55
+
assert auth.chain_id <2**64
56
56
assert auth.nonce <2**64
57
57
assertlen(auth.address) ==20
58
-
assert auth.y_parity <2**256
58
+
assert auth.y_parity <2**8
59
59
assert auth.r <2**256
60
60
assert auth.s <2**256
61
61
```
@@ -73,7 +73,8 @@ At the start of executing the transaction, after incrementing the sender's nonce
73
73
5. Verify the code of `authority` is either empty or already delegated.
74
74
6. Verify the nonce of `authority` is equal to `nonce`. In case `authority` does not exist in the trie, verify that `nonce` is equal to `0`.
75
75
7. Add `PER_EMPTY_ACCOUNT_COST - PER_AUTH_BASE_COST` gas to the global refund counter if `authority` exists in the trie.
76
-
8. Set the code of `authority` to be `0xef0100 || address`. This is a delegation designation.
76
+
8. Set the code of `authority` to be `0xef0100 || address`. This is a delegation designation.
77
+
* As a special case, if `address` is `0x0000000000000000000000000000000000000000` do not write the designation. Clear the accounts code and reset the account's code hash to `0x0000000000000000000000000000000000000000000000000000000000000000`.
77
78
9. Increase the nonce of `authority` by one.
78
79
79
80
If any of the above steps fail, immediately stop processing that tuple and continue to the next tuple in the list. It will in the case of multiple tuples for the same authority, set the code using the address in the last valid occurrence.
@@ -106,8 +107,22 @@ If a code reading instruction accesses a cold account during the resolution of d
106
107
107
108
Modify the restriction put in place by [EIP-3607](./eip-3607.md) to allow EOAs whose code is a valid delegation designation, i.e., `0xef0100 || address`, to continue to originate transactions. Accounts with any other code values may not originate transactions.
108
109
110
+
Additionally, if a transaction's `destination` has a delegation designation, add the target of the delegation to `accessed_addresses`.
111
+
109
112
## Rationale
110
113
114
+
### Cost of Delegation
115
+
116
+
The `PER_AUTH_BASE_COST` is the cost to process the authorization tuple and set the delegation destination. We are able to compute a fair cost for this operation by reviewing its impact on the system:
117
+
118
+
* ferry 101 bytes of calldata = `101 * 16 = 1616`
119
+
* recovering the `authority` address = `3000`
120
+
* reading the nonce and code of `authority` = `5000`
121
+
* storing values in already warm account = `200`
122
+
* cost to deploy code = `200 * 23 = 4600`
123
+
124
+
The impact-based assessment leaves us with `14416` gas for the operation. We round up to `15000` to account for miscellaneous costs associated with shuttling data around the state transition.
125
+
111
126
### No initcode
112
127
113
128
Running initcode is not desirable for many reasons. The chief concern is it's unnatural. Initcode is intended to initialize and deploy contracts. With this EIP, it will take on a new role of determining whether it is appropriate to deploy code to the EOA. Suppose a user only wants code deployed to their account if they also have an operation bundled with the general transaction calldata. This gives EOAs a unique power to control when and what code executes in their account. Although [EIP-7702](./eip-7702.md) as written still allows this to a degree, the lack of programmability in the decision will force wallets to not sign many authorization tuples and instead focus on signing only a tuple pointing to a configurable proxy. This affords EOAs a similar experience to smart contract wallets.
@@ -180,6 +195,14 @@ Specifically:
180
195
* It does not require adding any opcodes, that would become dangling and useless in a post-EOA world.
181
196
* It allows EOAs to masquerade as contracts to be included in ERC-4337 bundles, in a way that's compatible with the existing `EntryPoint`.
182
197
198
+
### Clearing Delegation Designations
199
+
200
+
A general design goal of state transition changes is to minimize the number of special cases an EIP has. In early iterations, this EIP resisted a special case for clearing an account's delegation designation.
201
+
202
+
For most intents and purposes, an account delegated to `0x0` is indistinguishable from a true EOA. However, one particular unfortunate case is unavoidable. Even if a user has a zeroed out delegation designation, most operations that interact with that account will encounter an additional `COLD_ACCOUNT_READ_COST` upon the first touch.
203
+
204
+
This is not ideal and may be a significant enough concern to impact the overall adoption of the EIP. For these reasons, we have opted to include a mechanism which allow users to restore their EOA to its original pureness.
205
+
183
206
## Backwards Compatibility
184
207
185
208
This EIP breaks the invariant that an account balance can only decrease as a result of transactions originating from that account. It also breaks the invariant that an EOA nonce may not increase after transaction execution has begun. These breakages have consequences for mempool design, and for other EIPs such as inclusion lists. However, because the accounts are listed statically in the outer transaction, it is possible to modify transaction propagation rules so that conflicting transactions are not forwarded.
0 commit comments