Addition of CALLDEPTH opcode
The EIP-3 proposal suggests adding a new opcode called CALLDEPTH to the Ethereum Virtual Machine (EVM). This opcode would return the remaining available call stack depth, which is the limit specifying how deep contracts can call other contracts. Currently, the call stack depth limit is 256, and if a contract invokes another contract and the limit has been reached, the operation will fail. This behavior can be exploited in a call stack attack, where an attacker creates a suitable depth of the stack and then invokes the targeted contract. If the targeted contract calls another contract and the call fails, the consequences could be damaging if the return value is not properly checked.
The CALLDEPTH opcode would provide a cheap and simple way to protect against call stack attacks. It would allow contracts to check the remaining call stack depth before making a call, and if the depth is too low, the contract can choose to abort the call or take other defensive measures. The proposal suggests that a value of 0 returned by CALLDEPTH would indicate that the call stack is exhausted, and no further calls can be made.
The implementation of CALLDEPTH is not included in the proposal, but it is expected to be fairly simple since the call stack depth limit is already present in the EVM during execution. The proposal also mentions that there is a library available for checking call stack depth experimentally, but it is quite costly in gas.
In summary, the addition of the CALLDEPTH opcode would provide a cheap and simple way to protect against call stack attacks by allowing contracts to check the remaining call stack depth before making a call. This would help prevent malicious users from exploiting the call stack depth limit and causing damage to contracts.
Video
Original
Abstract
This is a proposal to add a new opcode, CALLDEPTH. The CALLDEPTH opcode would return the remaining available call stack depth.
Motivation
There is a limit specifying how deep contracts can call other contracts; the call stack. The limit is currently 256. If a contract invokes another contract (either via CALL or CALLCODE), the operation will fail if the call stack depth limit has been reached.
This behaviour makes it possible to subject a contract to a "call stack attack" [1]. In such an attack, an attacker first creates a suitable depth of the stack, e.g. by recursive calls. After this step, the attacker invokes the targeted contract. If the targeted calls another contract, that call will fail. If the return value is not properly checked to see if the call was successful, the consequences could be damaging.
Example:
- Contract
Awants to be invoked regularly, and pays Ether to the invoker in every block. - When contract
Ais invoked, it calls contractsBandC, which consumes a lot of gas. After invocation, contractApays Ether to the caller. - Malicious user
Xensures that the stack depth is shallow before invoking A. Both calls toBandCfail, butXcan still collect the reward.
It is possible to defend against this in two ways:
- Check return value after invocation.
- Check call stack depth experimentally. A library [2] by Piper Merriam exists for this purpose. This method is quite costly in gas.
[1] a.k.a "shallow stack attack" and "stack attack". However, to be precise, the word ''stack'' has a different meaning within the EVM, and is not to be confused with the ''call stack''.
[2] https://github.com/pipermerriam/ethereum-stack-depth-lib
Specification
The opcode CALLDEPTH should return the remaining call stack depth. A value of 0 means that the call stack is exhausted, and no further calls can be made.
Rationale
The actual call stack depth, as well as the call stack depth limit, are present in the EVM during execution, but just not available within the EVM. The implementation should be fairly simple and would provide a cheap and way to protect against call stack attacks.
Implementation
Not implemented.
Adopted by projects
Not miss a beat of EIPs' update?
Subscribe EIPs Fun to receive the latest updates of EIPs Good for Buidlers to follow up.
View all