forked from DecentralizedClimateFoundation/DCIPs
293 lines
10 KiB
Markdown
293 lines
10 KiB
Markdown
|
---
|
|||
|
eip: 2733
|
|||
|
title: Transaction Package
|
|||
|
author: Matt Garnett (@lightclient)
|
|||
|
discussions-to: https://ethereum-magicians.org/t/eip-transaction-package/4365
|
|||
|
status: Withdrawn
|
|||
|
type: Standards Track
|
|||
|
category: Core
|
|||
|
created: 2020-06-16
|
|||
|
requires: 2718
|
|||
|
withdrawal-reason: I have decided to pursue EIP-3074 as the preferred solution to transaction packages.
|
|||
|
---
|
|||
|
|
|||
|
## Simple Summary
|
|||
|
Creates a new transaction type which executes a package of one or more
|
|||
|
transactions, while passing status information to subsequent transactions.
|
|||
|
|
|||
|
## Abstract
|
|||
|
Introduce a new transaction type which includes a list of transactions that
|
|||
|
must be executed serially by clients. Execution information (e.g. success,
|
|||
|
gas_used, etc.) will be propagated forward to the next transaction.
|
|||
|
|
|||
|
## Motivation
|
|||
|
Onboarding new users to Ethereum has been notoriously difficult due to the need
|
|||
|
for new users to acquire enough ether to pay for their transactions. This
|
|||
|
hurdle has seen a significant allocation of resources over the years to solve.
|
|||
|
Today, that solution is meta-transactions. This is, unfortunately, a brittle
|
|||
|
solution that requires signatures to be recovered within a smart contract to
|
|||
|
authenticate the message. This EIP aims to provide a flexible framework for
|
|||
|
relayers to "sponsor" many transactions at once, trustlessly.
|
|||
|
|
|||
|
Meta-transactions often use relay contracts to maintain nonces and allow users
|
|||
|
to pay for gas using alternative assets. They have historically been designed
|
|||
|
to catch reversions in their inner transactions by only passing a portion of
|
|||
|
the available gas to the subcall. This allows them to be certain the outer call
|
|||
|
will have enough gas to complete any required account, like processing a gas
|
|||
|
payment. This type of subcall has been considered bad practice for a long time,
|
|||
|
but in the case of where you don't trust the subcalls, it is the only available
|
|||
|
solution.
|
|||
|
|
|||
|
Transaction packages are an alternative that allow multiple transactions to be
|
|||
|
bundled into one package and executed atomically, similarly to how relay
|
|||
|
contracts operate. Transactions are able to pass their result to subsequent
|
|||
|
transactions. This allows for conditional workflows based on the outcome of
|
|||
|
previous transactions. Although this functionality is already possible as
|
|||
|
described above, workflows using transaction packages are more robust, because
|
|||
|
they are protected from future changes to the gas schedule.
|
|||
|
|
|||
|
An important byproduct of this EIP is that it also facilitates bundling
|
|||
|
transactions for single users.
|
|||
|
|
|||
|
## Specification
|
|||
|
Introduce a new [EIP-2718](./eip-2718.md) transaction type where `id = 2`.
|
|||
|
|
|||
|
#### Structure
|
|||
|
```
|
|||
|
struct TransactionPackage {
|
|||
|
chain_id: u256,
|
|||
|
children: [ChildPackage],
|
|||
|
nonce: u64,
|
|||
|
gas_price: u256,
|
|||
|
v: u256,
|
|||
|
r: u256,
|
|||
|
s: u256
|
|||
|
}
|
|||
|
```
|
|||
|
|
|||
|
##### Hash
|
|||
|
`keccak256(rlp([2, chain_id, children, nonce, gas_price, v, r, s])`
|
|||
|
|
|||
|
##### Signature Hash
|
|||
|
`keccak256(rlp([2, chain_id, children, nonce, gas_price])`
|
|||
|
|
|||
|
##### Receipt
|
|||
|
Each `ChildTransaction` transaction will generate a `ChildReceipt` after execution. Each
|
|||
|
of these receipts will be aggregated into a `Receipt`.
|
|||
|
|
|||
|
```
|
|||
|
type Receipt = [ChildReceipt]
|
|||
|
```
|
|||
|
|
|||
|
```
|
|||
|
struct ChildReceipt {
|
|||
|
status: u256,
|
|||
|
cumulative_gas_used: u256,
|
|||
|
logs_bloom: [u8; 256],
|
|||
|
logs: [u8]
|
|||
|
}
|
|||
|
```
|
|||
|
|
|||
|
#### Child Transaction
|
|||
|
Let `ChildPackage` be interpreted as follows.
|
|||
|
|
|||
|
```
|
|||
|
struct ChildPackage {
|
|||
|
type: u8,
|
|||
|
nonce: u64,
|
|||
|
transactions: [ChildTransaction],
|
|||
|
max_gas_price: u256,
|
|||
|
v: u256,
|
|||
|
r: u256,
|
|||
|
s: u256
|
|||
|
}
|
|||
|
```
|
|||
|
|
|||
|
```
|
|||
|
struct ChildTransaction {
|
|||
|
flags: u8,
|
|||
|
to: Address,
|
|||
|
value: u256,
|
|||
|
data: [u8],
|
|||
|
extra: [u8],
|
|||
|
gas_limit: u256
|
|||
|
}
|
|||
|
```
|
|||
|
|
|||
|
##### Types
|
|||
|
The `type` field is used to denote whether the `Child` signer wishes to
|
|||
|
delegate the `max_gas_price` and `gas_limit` choice to the `TransactionPackage`
|
|||
|
signer.
|
|||
|
|
|||
|
| type | signature hash |
|
|||
|
|---|---|
|
|||
|
| `0x00` | `keccak256(rlp([0, nonce, transactions, max_gas_price])` |
|
|||
|
| `0x01` | `keccak256(rlp([1, nonce, transactions_without_gas_limit])` |
|
|||
|
|
|||
|
### Validity
|
|||
|
|
|||
|
A `TransactionPackage` can be deemed valid or invalid as follows.
|
|||
|
|
|||
|
```rust
|
|||
|
fn is_valid(config: &Config, state: &State, tx: TransactionPackage) bool {
|
|||
|
if (
|
|||
|
config.chain_id() != tx.chain_id ||
|
|||
|
tx.children.len() == 0 ||
|
|||
|
state.nonce(tx.from()) + 1 != tx.nonce
|
|||
|
) {
|
|||
|
return false;
|
|||
|
}
|
|||
|
|
|||
|
let cum_limit = tx.children.map(|x| x.gas_limit).sum();
|
|||
|
if state.balance(tx.from()) < cum_limit * tx.gas_price + intrinsic_gas(tx) {
|
|||
|
return false;
|
|||
|
}
|
|||
|
|
|||
|
for child in tx.children {
|
|||
|
if (
|
|||
|
child.nonce != state.nonce(child.from()) + 1 ||
|
|||
|
child.value > state.balance(child.from()) ||
|
|||
|
child.max_gas_price < tx.gas_price
|
|||
|
) {
|
|||
|
return false;
|
|||
|
}
|
|||
|
|
|||
|
for tx in child.txs {
|
|||
|
if (
|
|||
|
tx.flags != 0 ||
|
|||
|
tx.extra.len() != 0 ||
|
|||
|
tx.gas_limit < intrinsic_gas(tx)
|
|||
|
) {
|
|||
|
return false;
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
true
|
|||
|
}
|
|||
|
```
|
|||
|
|
|||
|
### Results
|
|||
|
|
|||
|
Subsequent `ChildTransaction`s will be able to receive the result of the
|
|||
|
previous `ChildTransaction` via `RETURNDATACOPY (0x3E)` in first frame of
|
|||
|
execution, before making any subcalls. Each element, except the last, will be
|
|||
|
`0`-padded left to 32 bytes.
|
|||
|
|
|||
|
```
|
|||
|
struct Result {
|
|||
|
// Status of the previous transaction
|
|||
|
success: bool,
|
|||
|
|
|||
|
// Total gas used by the previous transaction
|
|||
|
gas_used: u256,
|
|||
|
|
|||
|
// Cumulative gas used by previous transactions
|
|||
|
cum_gas_used: u256,
|
|||
|
|
|||
|
// The size of the return value
|
|||
|
return_size: u256,
|
|||
|
|
|||
|
// The return value of the previous transaction
|
|||
|
return_value: [u8]
|
|||
|
}
|
|||
|
```
|
|||
|
|
|||
|
### Intrinsic Cost
|
|||
|
Let the intrinsic cost of the transaction package be defined as follows:
|
|||
|
|
|||
|
```
|
|||
|
fn intrinsic_gas(tx: TransactionPackage) u256 {
|
|||
|
let data_gas = tx.children.map(|c| c.txs.map(|t| data_cost(&c.data)).sum()).sum();
|
|||
|
17000 + 8000 * tx.children.len() + data_gas
|
|||
|
}
|
|||
|
```
|
|||
|
|
|||
|
### Execution
|
|||
|
Transaction packages should be executed as follows:
|
|||
|
1. Deduct the cumulative cost from the outer signer's balance.
|
|||
|
2. Load the first child package, and execute the first child transaction.
|
|||
|
3. Record all state changes, logs, the receipt, and refund any unused gas.
|
|||
|
4. If there are no more child transactions, goto `8`.
|
|||
|
5. Compute `Result` for the previously executed transaction.
|
|||
|
6. Prepare `Result` to be available via return opcodes in the next
|
|||
|
transaction's first frame.
|
|||
|
7. Execute the next transaction, then goto `3`.
|
|||
|
8. Load the next child package, then goto `7`.
|
|||
|
|
|||
|
## Rationale
|
|||
|
|
|||
|
### Each `Child` has its own signature
|
|||
|
For simplicity, the author has chosen to require each child package to specify
|
|||
|
its own signature, even if the signer is the same as the package signer. This
|
|||
|
choice is made to allow for maximum flexibility, with minimal client changes.
|
|||
|
This transaction can still be used by a single user at the cost of only one
|
|||
|
additional signature recovery.
|
|||
|
|
|||
|
### `ChildPackage` specifies `max_gas_price` instead of `gas_price`
|
|||
|
Allowing child packages to specify a range of acceptable gas prices is
|
|||
|
strictly more versatile than a static price. It gives relayers more flexibility
|
|||
|
in terms of building transaction bundles, and it makes it possible for relayers
|
|||
|
to try and achieve the best price for the transaction sender. With a fixed
|
|||
|
price, the relayer may require the user to sign multiple different
|
|||
|
transactions, with varying prices. This can be avoided by specifying a max
|
|||
|
price, and communicating out-of-band how the urgency of the transaction (e.g.
|
|||
|
the relayer should package it with the max price immediately vs. slowly
|
|||
|
increasing the gas price).
|
|||
|
A future transaction type can be specified with only a single
|
|||
|
signature, if such an optimization is desired.
|
|||
|
|
|||
|
### `ChildPackage` is also typed
|
|||
|
The type element serves a modest role in the transaction type, denoting whether
|
|||
|
the transaction signer wishes to delegate control of the gas price and gas
|
|||
|
limit to the outer signer. This is a useful UX improvement when interacting
|
|||
|
with a trusted relayer, as once the user decides to make a transaction the
|
|||
|
relayer can ensure it is included on chain by choosing the best gas price and
|
|||
|
limit.
|
|||
|
|
|||
|
### The `flags` and `extra` fields aren't used
|
|||
|
These fields are included to better support future changes to the transaction
|
|||
|
type. This would likely be used in conjunction with the `flags` and `type`
|
|||
|
fields. A benefit of explicitly defining them is that specialized serialization
|
|||
|
of RLP can be avoided, simplifing clients and downstream infrastructure. The
|
|||
|
author believe the cost of 2 bytes per transaction is acceptable for smoother
|
|||
|
integration of future features.
|
|||
|
|
|||
|
## Backwards Compatibility
|
|||
|
Contracts which rely on `ORIGIN (0x32) == CALLER (0x33) && RETURNDATASIZE
|
|||
|
(0x3D) == 0x00` will now always fail in transaction packages, unless they are
|
|||
|
the first executed transaction. It’s unknown if any contracts conduct this
|
|||
|
check.
|
|||
|
|
|||
|
## Test Cases
|
|||
|
TBD
|
|||
|
|
|||
|
## Implementation
|
|||
|
TBD
|
|||
|
|
|||
|
## Security Considerations
|
|||
|
### Managing packages efficiently in the mempool
|
|||
|
The introduction of a new transaction type brings along new concerns regarding
|
|||
|
the mempool. Done naively, it could turn into a DDoS vector for clients. This
|
|||
|
EIP has been written to reduce as much validation complexity as possible.
|
|||
|
|
|||
|
An existing invariant in the mempool that is desirable for new transactions to
|
|||
|
maintain, is that transactions can be validated in constant time. This is also
|
|||
|
possible for packaged transactions. There is an inherent 10Mb limit for RLPx
|
|||
|
frames, so that would be the upper bound on transactions that could be included
|
|||
|
in a package. On the other hand, clients can also just configure their own
|
|||
|
bound locally (e.g. packages must be less than 1Mb). Validity can then be
|
|||
|
determined by using the function above.
|
|||
|
|
|||
|
Once a package has been validated, it must continuously be monitored for nonce
|
|||
|
invalidations within its package. One potential way to achieve this efficiently
|
|||
|
is to modify the mempool to operate on thin pointers to the underlying
|
|||
|
transaction. This will allow packages to ingest as many "single" transactions,
|
|||
|
simplifying the facilities for monitoring changes. These "parts" of the package
|
|||
|
can maintain a pointer to a structure with pointers to all the parts of the
|
|||
|
package. This way, as soon as one part becomes invalid, it can request the
|
|||
|
parent to invalidate all outstanding parts of the package.
|
|||
|
|
|||
|
## Copyright
|
|||
|
Copyright and related rights waived via [CC0](../LICENSE.md).
|