Opcode Rules #5

@boolafish

Opcode Rules

  • Block access from opcodes that access information outside of storage and code (aka “environment”).
    • [OP-011] Blocked opcodes:
      - [x] ORIGIN (0x32)
      - [x] GASPRICE (0x3A)
      - [x] BLOCKHASH (0x40)
      - [x] COINBASE (0x41)
      - [x] TIMESTAMP (0x42)
      - [x] NUMBER (0x43)
      - [x] PREVRANDAO/DIFFICULTY (0x44)
      - [ ] GASLIMIT (0x45)
      - [x] BASEFEE (0x48)
      - [x] BLOBHASH (0x49)
      - [x] BLOBBASEFEE (0x4A)
      - [ ] CREATE (0xF0) (except in the “Contract Creation” and “Staked factory creation” sections, below)
      - [x] INVALID (0xFE)
      - [x] SELFDESTRUCT (0xFF)
    • [OP-012] GAS (0x5A) opcode is allowed, but only if followed immediately by *CALL instructions, else it is blocked.
      This is a common way to pass all remaining gas to an external call, and it means that the actual value is consumed from the stack immediately and cannot be accessed by any other opcode.
    • [OP-13] any “unassigned” opcode.
  • [OP-020] Revert on “out of gas” is forbidden as it can “leak” the gas limit or the current call stack depth.
  • Contract creation:
    • [OP-031] CREATE2 is allowed exactly once in the deployment frame and must deploy code for the “sender” address. (Either by the factory itself, or by a utility contract it calls)
    • [OP-032] If there is a factory (even unstaked), the sender contract is allowed to use CREATE opcode (That is, only the sender contract itself, not through a utility contract)
  • Access to an address without a deployed code is forbidden:
    • [OP-041] For EXTCODE* and *CALL opcodes.
    • [OP-042] Exception: access to the “sender” address is allowed. This is only possible in factory code during the deployment frame.
  • Allowed access to the EntryPoint address:
    • [OP-051] May call EXTCODESIZE ISZERO
      This pattern is used to check that the destination has a code before the depositTo function is called.
    • [OP-052] May call depositTo(sender) with any value from either the sender or factory.
    • [OP-053] May call the fallback function from the sender with any value.
    • [OP-054] Any other access to the EntryPoint (either of the *CALL or EXT* opcodes) is forbidden.
    • [OP-055] May call incrementNonce() from the sender.
  • *CALL opcodes:
    • [OP-061] CALL with value is forbidden. The only exception is a call to the EntryPoint described above.
    • [OP-062] Precompiles:
      - [ ] Only allow known accepted precompiles on the network, that do not access anything in the blockchain state or environment.
      - [ ] The core precompiles 0x1 .. 0x11
      - [ ] The RIP-7212 secp256r1 precompile, on networks that accepted it.
  • [OP-070] Transient Storage slots defined in EIP-1153 and accessed using TLOAD (0x5c) and TSTORE (0x5d) opcodes are treated exactly like persistent storage (SLOAD/SSTORE).
  • [OP-080] BALANCE (0x31) and SELFBALANCE (0x47) are only allowed from a staked entity; otherwise, they are blocked.
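
The following sketch is an added example, not code from this issue or its project: a linear sweep over raw EVM bytecode that reports OP-011 and OP-012 violations, using the opcode bytes listed above. It assumes a static scan is acceptable for illustration (a validator would normally apply the rules to the opcodes actually executed during validation), and the names `BANNED`, `opcodes`, `check`, `OK` and `BAD` are hypothetical.

```python
# Added example: static sweep over EVM bytecode for rules OP-011 and OP-012.
# Opcode bytes come from the rule list above. CREATE (0xF0) is left out
# because its exceptions depend on which entity and frame executes it.
BANNED = {
    0x32: "ORIGIN", 0x3A: "GASPRICE", 0x40: "BLOCKHASH", 0x41: "COINBASE",
    0x42: "TIMESTAMP", 0x43: "NUMBER", 0x44: "PREVRANDAO", 0x45: "GASLIMIT",
    0x48: "BASEFEE", 0x49: "BLOBHASH", 0x4A: "BLOBBASEFEE",
    0xFE: "INVALID", 0xFF: "SELFDESTRUCT",
}
GAS = 0x5A
CALLS = {0xF1, 0xF2, 0xF4, 0xFA}  # CALL, CALLCODE, DELEGATECALL, STATICCALL
PUSH1, PUSH32 = 0x60, 0x7F


def opcodes(code: bytes):
    """Yield (offset, opcode), skipping PUSH immediates so that pushed
    data bytes are never mistaken for opcodes."""
    pc = 0
    while pc < len(code):
        op = code[pc]
        yield pc, op
        # PUSH1..PUSH32 carry 1..32 immediate bytes after the opcode.
        pc += 1 + (op - PUSH1 + 1 if PUSH1 <= op <= PUSH32 else 0)


def check(code: bytes):
    """Return a list of (offset, rule, detail) violations."""
    ops = list(opcodes(code))
    found = []
    for i, (pc, op) in enumerate(ops):
        if op in BANNED:
            found.append((pc, "OP-011", BANNED[op]))
        elif op == GAS:
            # OP-012: GAS is allowed only when the very next opcode is a *CALL.
            nxt = ops[i + 1][1] if i + 1 < len(ops) else None
            if nxt not in CALLS:
                found.append((pc, "OP-012", "GAS not followed by *CALL"))
    return found


# Constructed samples (not real contract code).
# PUSH1 0x42 (0x42 is data here, not TIMESTAMP); GAS; STATICCALL; STOP
OK = bytes.fromhex("60425afa00")
# TIMESTAMP; GAS; POP; PUSH2 0x3241 (data); SELFDESTRUCT
BAD = bytes.fromhex("425a50613241ff")

if __name__ == "__main__":
    for name, sample in (("OK", OK), ("BAD", BAD)):
        print(name, check(sample))
```
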
