forked from DecentralizedClimateFoundation/DCIPs
57 lines
2.9 KiB
Markdown
57 lines
2.9 KiB
Markdown
---
|
|
eip: 5920
|
|
title: PAY opcode
|
|
description: Introduces a new opcode, PAY, to send ether to an address without calling any of its functions
|
|
author: Gavin John (@Pandapip1), Zainan Victor Zhou (@xinbenlv)
|
|
discussions-to: https://ethereum-magicians.org/t/eip-5920-pay-opcode/11717
|
|
status: Review
|
|
type: Standards Track
|
|
category: Core
|
|
created: 2022-03-14
|
|
requires: 2929
|
|
---
|
|
|
|
## Abstract
|
|
|
|
This EIP introduces a new opcode, `PAY`, taking two stack parameters, `addr` and `val`, that transfers `val` wei to the address `addr` without calling any of its functions.
|
|
|
|
## Motivation
|
|
|
|
Currently, to send ether to an address requires you to call a function of that address, which has a few issues. First of all, it opens a reentrancy attack vector, as the recipient can call back into the sender. Secondly, it opens a DoS vector, so parent functions must be cognizant of the possibility that the recipient will run out of gas or revert. Finally, the `CALL` opcode is needlessly expensive for simple ether transfers, as it requires the memory and stack to be expanded, the recipient's full data including code and memory to be loaded, and finally needs to execute a call, which might do other unintentional operations. Having a dedicated opcode for ether transfers solves all of these issues, and would be a useful addition to the EVM.
|
|
|
|
## Specification
|
|
|
|
| Parameter | Value |
|
|
| ------------------- | ------- |
|
|
| `PAY_OPCODE` | `0xf9` |
|
|
| `GAS_COST` | `3000` |
|
|
|
|
A new opcode is introduced: `PAY` (`PAY_OPCODE`), which:
|
|
|
|
- Pops two values from the stack: `addr` then `val`.
|
|
- Transfers `val` wei from the executing address to the address `addr`. If `addr` is the zero address, instead, `val` wei is burned from the executing address.
|
|
|
|
The cost of this opcode is `GAS_COST`. If `addr` is not the zero address, the [EIP-2929](./eip-2929.md) account access costs are also incurred (this includes the 25k gas cost for adding a new account to the state).
|
|
|
|
## Rationale
|
|
|
|
### Gas pricing
|
|
|
|
The gas pricing is that of a `CALL` with a positive `msg.value`, but without any memory expansion costs or "gas sent with call" costs, with a gas reduction of `500` to compensate for the reduced amount of computation.
|
|
|
|
### Argument order
|
|
|
|
The order of arguments mimicks that of `CALL`, which pops `addr` before `val`. Beyond consistency, though, this ordering aids validators pattern-matching MEV opportunities, so `PAY` always appears immediately after `COINBASE`.
|
|
|
|
## Backwards Compatibility
|
|
|
|
This change requires a hard fork.
|
|
|
|
## Security Considerations
|
|
|
|
Existing contracts should not rely on their balance being under their control, since it is already possible to send ether to an address without calling it, by creating a temporary contract and immediately `SELFDESTRUCT`ing it, sending the ether to an arbitrary address. However, this opcode does make this process cheaper for already-vulnerable contracts.
|
|
|
|
## Copyright
|
|
|
|
Copyright and related rights waived via [CC0](../LICENSE.md).
|