Skip to content
This repository has been archived by the owner on Jan 21, 2022. It is now read-only.

DELEGATECALL should receive only 63/64 of the remaining gas (and msg.gas should reflect that) #367

Closed
carver opened this issue Aug 6, 2017 · 5 comments
Closed

DELEGATECALL should receive only 63/64 of the remaining gas (and msg.gas should reflect that) #367

carver opened this issue Aug 6, 2017 · 5 comments
Assignees
@nicholasjpaterno
Labels
needs validation priority-high

Comments

@carver
Copy link

carver commented Aug 6, 2017
edited
Loading

A DELEGATECALL instruction should receive 63/64 of the remaining gas, but appears to be receiving the full remaining gas (according to a msg.gas call in solidity).

The gas used is defined in the yellow paper at Cgascap

Cgascap definition

Function L is defined in equation 224 on page 22: L(n) ≡ n − floor(n/64)

The Stackoverflow answer that inspired this report is here.

Tested this contract:

pragma solidity ^0.4.13;

contract TestDepth {
    uint256 public x;

    function depth(uint256 y) {
        if (y > 0) {
            this.delegatecall(bytes4(sha3('depth(uint256)')), --y);
        }
        else {
             // Save the remaining gas in storage so that we can access it later
             x = msg.gas;
        }
    }
}

Expected Behavior

The value of x when called with y:
y=0, x=2.98M
y=1, x~=2.93M
y=2, x~=2.88M

Current Behavior

y=0, 2978464
y=1, 2977288, diff = 1176
y=2, 2976176, diff = 1112

Steps to Reproduce (for bugs)

  1. Deploy contract
  2. Call depth(0) with 3M gas, get value of x
  3. Call depth(1), get value of x
  4. Call depth(2), get value of x

Context

I was testing this contract to try to understand (and protect against) stack depth attacks.
@benjaminion
Copy link

Can confirm. Testrpc version info: EthereumJS TestRPC v4.0.1 (ganache-core: 1.0.1)

@benjamincburns benjamincburns mentioned this issue Nov 28, 2017
Closed
@benjamincburns benjamincburns mentioned this issue Jan 30, 2018
Closed
@benjamincburns
Copy link
Contributor

This is an EVM bug. I've raised ethereumjs/ethereumjs-monorepo#255 to address it.

@benjamincburns
Copy link
Contributor

And thanks for reporting, @carver!

@holgerd77 holgerd77 mentioned this issue Feb 15, 2018
Closed
@davidmurdoch davidmurdoch self-assigned this Aug 14, 2018
@davidmurdoch
Copy link
Member

davidmurdoch commented Aug 14, 2018
edited
Loading

Branch https://github.com/trufflesuite/ganache-core/commits/all-but-one-64th created for this issue, including failing gas-estimation tests.

Still need to add tests to explicitly test the "All but one 64th" rule.

Because we don't properly estimate gas from the "All but one 64th" rule this one is blocked by trufflesuite/ganache#147.

@davidmurdoch davidmurdoch removed their assignment Nov 6, 2018
@nicholasjpaterno nicholasjpaterno self-assigned this Jan 24, 2019
@nicholasjpaterno nicholasjpaterno mentioned this issue Jan 31, 2019
Merged
@davidmurdoch
Copy link
Member

This should now be fixed in the latest beta tagged releases of ganache-cli and ganache-core.

This fix involved pretty significant code changes; check out the release notes for details.

We'd love it if you'd test this beta out to make sure things are good to go before we release to stable.

If you using ganache-cli, run:

npm install -g ganache-cli@beta

If you are using ganache-core, run:

npm install ganache-core@beta

Let us know if you discover any bugs with this new beta release! Thanks!

@Ivshti Ivshti mentioned this issue Apr 2, 2019
Closed
@codehawks-bot codehawks-bot mentioned this issue Aug 29, 2023
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@nicholasjpaterno nicholasjpaterno

Labels
needs validation priority-high
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@davidmurdoch @carver @benjamincburns @benjaminion @nicholasjpaterno