EIP 7: DELEGATECALL

Question

EIP 7: DELEGATECALL

vbuterin opened this issue 9 years ago · 19 comments

Overview

Add a new opcode, DELEGATECALL at 0xf4, which is similar in idea to CALLCODE, except that it propagates the sender and value from the parent scope to the child scope, ie. the call created has the same sender and value as the original call.

Specification

DELEGATECALL: 0xf4, takes 6 operands:

gas: the amount of gas the code may use in order to execute;
to: the destination address whose code is to be executed;
in_offset: the offset into memory of the input;
in_size: the size of the input in bytes;
out_offset: the offset into memory of the output;
out_size: the size of the scratch pad for the output.

Notes on Gas

The basic stipend is not given; gas is the total amount the callee receives.
Like CALLCODE, account creation never happens, so the upfront gas cost is always schedule.callGas + gas.
Unused gas is refunded as normal.

Notes on Sender

CALLER behaves exactly in the callee's environment as it does in the caller's environment.

Other Notes

The depth limit of 1024 is still preserved as normal.

Rationale

Propagating the sender and value from the parent scope to the child scope makes it much easier for a contract to store another address as a mutable source of code and ''pass through'' calls to it, as the child code would execute in essentially the same environment (except for reduced gas and increased callstack depth) as the parent.

Use case 1: split code to get around 3m gas barrier

~calldatacopy(0, 0, ~calldatasize())
if ~calldataload(0) < 2**253:
    ~delegate_call(msg.gas - 10000, $ADDR1, 0, ~calldatasize(), ~calldatasize(), 10000)
    ~return(~calldatasize(), 10000)
elif ~calldataload(0) < 2**253 * 2:
    ~delegate_call(msg.gas - 10000, $ADDR2, 0, ~calldatasize(), ~calldatasize(), 10000)
    ~return(~calldatasize(), 10000)
...

Use case 2: mutable address for storing the code of a contract:

if ~calldataload(0) / 2**224 == 0x12345678 and self.owner == msg.sender:
    self.delegate = ~calldataload(4)
else:
    ~delegate_call(msg.gas - 10000, self.delegate, 0, ~calldatasize(), ~calldatasize(), 10000)
    ~return(~calldatasize(), 10000)

The child functions called by these methods can now freely reference msg.sender and msg.value.

Possible arguments against

You can replicate this functionality by just sticking the sender into the first twenty bytes of the call data. However, this would mean that code would need to be specially compiled for delegated contracts, and would not be usable in delegated and raw contexts at the same time.

wanderer commented 9 years ago

+1

kumavis commented 8 years ago

👍

VoR0220 commented 7 years ago

yes.

Answer 1 · 2015-11-19T17:13:52.000Z

This is a very important update for reusable standard libraries

Answer 2 · 2015-11-20T19:41:11.000Z

The library feature was hamstrung because CALLCODE doesn't work like this! +1!

Answer 3 · 2015-11-21T08:00:30.000Z

Note that this works well with #8 , as otherwise sub-delegations will have to specify a fairly low return data size limit.

Answer 4 · 2015-11-21T18:48:33.000Z

For this to really support call delegation without having to inspect which function is actually called, we also need a way to retrieve the size of the returned data.
In your example - ~return(~calldatasize(), 10000) - we need to pay for returning the full 10000 bytes.

Answer 5 · 2015-11-23T11:43:31.000Z

Previous comment is not 100% true, see EIP5 - MSIZE provides a way to retrieve the size of the returned data.

Answer 6 · 2015-12-04T14:33:21.000Z

Should it be symmetric to CALL and CALLCODE?
CALLCODE takes 7 parameters even though value has no meaning, but only for the sake of symmetry. I think we should be consistent, and also take 7 parameters here, or remove one parameter in CALLCODE (but this would break backwards compatibility, and we don't want that)

Answer 7 · 2015-12-04T16:04:23.000Z

@CJentzsch I would rather argue for the remove of value from CALLCODE.

Answer 8 · 2015-12-04T16:08:12.000Z

@wanderer . I also like to have 6 values instead of 7. But changing CALLCODE is not possible anymore without breaking existing contracts. Therefore I think we have to live with asymmetry ( as a theoretical physicist I hate that ;-) )

Answer 9 · 2015-12-08T18:02:24.000Z

Just to double-check: Like CALLCODE, this will use the state of the delegator contract, not the delegatee contract, right? If so, this seems like a good idea. If not, it's a pretty big security hole.

Answer 10 · 2016-05-16T19:55:58.000Z

@vbuterin that one should be closed right ?

Answer 11 · 2016-05-19T20:37:31.000Z

can we close this now that this has been done?

Answer 12 · 2016-06-17T02:31:33.000Z

@wanderer @vbuterin @alexvandesande EIP is merged and on mainnet, please close issue

Answer 13 · 2018-01-29T08:55:00.000Z

I have a small doubt here, does delegate call allows the callee contracted to access the msg.sender(ethereum address of the account) of the caller contract?

Answer 14 · 2018-01-30T08:46:35.000Z

@VoR0220 will be available in the msg.sender itself or in some other variable?

Answer 15 · 2018-02-01T18:29:25.000Z

you would have to send it alongside another variable. Also tx.origin could do it as well I suppose. But then you expose your own contract to security faults in there as well.

Answer 16 · 2018-06-20T21:56:27.000Z

@CJentzsch actually, when you callcode with value, you really make a transfer to the address containing the code (and not to caller itself).