EIP-5920: PAY opcode

Pandapip1 · November 11, 2022, 6:18pm

Although I am an EIP editor, I do not specialize in core EIPs, and this is my first core EIP. Any feedback is appreciated!

axic · November 11, 2022, 6:44pm

There are a number of such proposals, the latest one being

Pandapip1 · December 20, 2022, 2:23pm

EIP-5065 is Stagnant (and should have been stagnant when you sent that message - it wasn’t due to an EIP-bot bug). In addition, there are quite a few issues with the linked EIP, such as the hexadecimal being invalid. I’ll ping @maxsam4, and move this EIP to review if there isn’t a response in two weeks.

Pandapip1 · January 4, 2023, 9:08pm

There has not been a response in >14 days. @axic would you mind taking a closer look before I move this to review?

Pandapip1 · January 8, 2023, 12:07am

Adding the cancun-candidate tag.

mikebolt · January 15, 2023, 9:05am

Could we throw in a burn opcode too? There is an actual benefit to having one because you could leave the address out and it would shorten the contract bytecode.

If you search on solidity forum I suggested send and burn keywords. These could be the opcodes generated by those keywords.

Pandapip1 · January 15, 2023, 1:39pm

According to the current spec, sending ether to address(0) is currently allowed. How about we make that a special case that burns ether?

EDIT: Done

mikebolt · January 15, 2023, 6:49pm

I think the EVM implementations could subtract the amount from the balance of the burner without adding it to the balance of the 0 address (or other burn address), which would be very slightly more efficient.

Pandapip1 · January 15, 2023, 7:44pm

That’s what I just added:

Transfers val wei from the executing address to the address addr. If addr is the zero address, instead, val wei is burned from the executing address.

horsefacts · January 20, 2023, 3:05am

I’m a big fan of this idea and the earlier EIP-5065. Any insight as to why these earlier proposals stagnated?

Pandapip1 · January 20, 2023, 5:13pm

The author went AWOL, and the proposal also had some issues, such as assigning the opcode to the “hexadecimal” value 0xFG. Ceci n’est pas hexadecimal.

Tointer · February 24, 2023, 5:45am

I support this EIP because:

Reentrancy attacks are very frequent and dangerous, reducing attack surface for them is great
It is consistent with ERC20 tokens, most of which not providing any ability to react to balance changes. It’s common (and costly) practice to wrap ether into WETH and transfer it this way.
Gas optimizations are nice, especially for smart contract wallets. This would also stack nicely with eip-3651
I don’t see that much use cases in having contracts being able to fully control their ETH balance in post-SELFDESTRUCT EVM
Creating opcode that would guarantee succesfull transfer through all hardforks would resolve confusion about different ways to send ether that exist today

shemnon · March 2, 2023, 3:47pm

I’d like to raise a concern for this OPCODE, and ask the authors solicit the advice of Solidity devs and some sampling of security auditors before this proceeds to be eligible for inclusion in Cancun.

Using the PAY opcode would enable bypassing the fallback functions of smart contracts, and the default coding of non-payable functions is to revert on function calls unexpectedly sending Ether to a smart contract. This subverts that protection. It is possible for a smart contract to configure itself so that no valid invocation results in Ether being deposited in the account. The motivation section of the EIP speaks to stoping reentrancy attacks, but a smart contract could configure their fallback function to accept payment and exit if they desired that ability. Enabling the PAY opcode prevents contracts from rejecting all payments.

One alternative to preserve this behavior would be to allow PAY to only work when sending value to accounts with no code in their account, but that isn’t much different from the existing CALL mechanisms.

Another concern is the gas schedule, it is not in harmony with the warm account/cold account pattern established in EIP-2929 (which it cites) and instead proposes a different handling. If it proceeds I would ask the gas be set up as a premium (100 gas or so) on top of the warm/cold cost, and that it interacts with the warm/cold lists like the CALL and SSTORE series opcodes do. Specifically, i think adopting the gas pattern used in CALL would be the best pricing strategy and present the most maintainable code for clients.

Pandapip1 · March 7, 2023, 3:45pm

It’s already possible to do this with SELFDESTRUCT and coinbase payments, as mentioned in the motivation. This introduces no new security concerns.

See SWC-132 - Smart Contract Weakness Classification (SWC)

As mentioned in the specification, the EIP-2929 costs are applied.

shemnon · March 7, 2023, 4:41pm

As mentioned in the specification, the EIP-2929 costs are applied.

New account costs are not being applied (25K when paying to an address with an empty account)

Pandapip1 · March 7, 2023, 4:42pm

Are they not? Oops then, I’ll fix that.

mikebolt · March 13, 2023, 9:56pm

This is a good point but I would argue that fallbacks are potentially dangerous and should be deprecated. However, this should definitely be noted as a big caveat in the documentation for the new PAY opcode.

asdnlasdlkj · March 14, 2023, 3:30am

What reason would someone have to burn ETH?

Pandapip1 · March 14, 2023, 9:45pm

Beats me. Now that I think about it, it would probably make more sense for the call to fail, to avoid potential bug-related losses.

asdnlasdlkj · March 14, 2023, 11:35pm

It’s probably best not to make any kind of special exemption for the zero address, that’s how all the call opcodes already operate