// Copyright 2014 The go-ethereum Authors // This file is part of the go-ethereum library. // // The go-ethereum library is free software: you can redistribute it and/or modify // it under the terms of the GNU Lesser General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // // The go-ethereum library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public License // along with the go-ethereum library. If not, see . package core import ( "fmt" "math/bits" "github.com/ledgerwatch/erigon/consensus" "github.com/holiman/uint256" "github.com/ledgerwatch/erigon/common" cmath "github.com/ledgerwatch/erigon/common/math" "github.com/ledgerwatch/erigon/core/types" "github.com/ledgerwatch/erigon/core/vm" "github.com/ledgerwatch/erigon/crypto" "github.com/ledgerwatch/erigon/params" ) var emptyCodeHash = crypto.Keccak256Hash(nil) /* The State Transitioning Model A state transition is a change made when a transaction is applied to the current world state The state transitioning model does all the necessary work to work out a valid new state root. 1) Nonce handling 2) Pre pay gas 3) Create a new state object if the recipient is \0*32 4) Value transfer == If contract creation == 4a) Attempt to run transaction data 4b) If valid, use result as code for the new state object == end == 5) Run Script section 6) Derive new state root */ type StateTransition struct { gp *GasPool msg Message gas uint64 gasPrice *uint256.Int gasFeeCap *uint256.Int tip *uint256.Int initialGas uint64 value *uint256.Int data []byte state vm.IntraBlockState evm vm.VMInterface //some pre-allocated intermediate variables sharedBuyGas *uint256.Int sharedBuyGasBalance *uint256.Int isParlia bool isBor bool } // Message represents a message sent to a contract. type Message interface { From() common.Address To() *common.Address GasPrice() *uint256.Int FeeCap() *uint256.Int Tip() *uint256.Int Gas() uint64 Value() *uint256.Int Nonce() uint64 CheckNonce() bool Data() []byte AccessList() types.AccessList } // ExecutionResult includes all output after executing given evm // message no matter the execution itself is successful or not. type ExecutionResult struct { UsedGas uint64 // Total used gas but include the refunded gas Err error // Any error encountered during the execution(listed in core/vm/errors.go) ReturnData []byte // Returned data from evm(function result or data supplied with revert opcode) } // Unwrap returns the internal evm error which allows us for further // analysis outside. func (result *ExecutionResult) Unwrap() error { return result.Err } // Failed returns the indicator whether the execution is successful or not func (result *ExecutionResult) Failed() bool { return result.Err != nil } // Return is a helper function to help caller distinguish between revert reason // and function return. Return returns the data after execution if no error occurs. func (result *ExecutionResult) Return() []byte { if result.Err != nil { return nil } return common.CopyBytes(result.ReturnData) } // Revert returns the concrete revert reason if the execution is aborted by `REVERT` // opcode. Note the reason can be nil if no data supplied with revert opcode. func (result *ExecutionResult) Revert() []byte { if result.Err != vm.ErrExecutionReverted { return nil } return common.CopyBytes(result.ReturnData) } // IntrinsicGas computes the 'intrinsic gas' for a message with the given data. func IntrinsicGas(data []byte, accessList types.AccessList, isContractCreation bool, isHomestead, isEIP2028 bool) (uint64, error) { // Set the starting gas for the raw transaction var gas uint64 if isContractCreation && isHomestead { gas = params.TxGasContractCreation } else { gas = params.TxGas } // Auxiliary variables for overflow protection var product, overflow uint64 // Bump the required gas by the amount of transactional data if len(data) > 0 { // Zero and non-zero bytes are priced differently var nz uint64 for _, byt := range data { if byt != 0 { nz++ } } // Make sure we don't exceed uint64 for all data combinations nonZeroGas := params.TxDataNonZeroGasFrontier if isEIP2028 { nonZeroGas = params.TxDataNonZeroGasEIP2028 } overflow, product = bits.Mul64(nz, nonZeroGas) if overflow != 0 { return 0, ErrGasUintOverflow } gas, overflow = bits.Add64(gas, product, 0) if overflow != 0 { return 0, ErrGasUintOverflow } z := uint64(len(data)) - nz overflow, product = bits.Mul64(z, params.TxDataZeroGas) if overflow != 0 { return 0, ErrGasUintOverflow } gas, overflow = bits.Add64(gas, product, 0) if overflow != 0 { return 0, ErrGasUintOverflow } } if accessList != nil { overflow, product = bits.Mul64(uint64(len(accessList)), params.TxAccessListAddressGas) if overflow != 0 { return 0, ErrGasUintOverflow } gas, overflow = bits.Add64(gas, product, 0) if overflow != 0 { return 0, ErrGasUintOverflow } overflow, product = bits.Mul64(uint64(accessList.StorageKeys()), params.TxAccessListStorageKeyGas) if overflow != 0 { return 0, ErrGasUintOverflow } gas, overflow = bits.Add64(gas, product, 0) if overflow != 0 { return 0, ErrGasUintOverflow } } return gas, nil } // NewStateTransition initialises and returns a new state transition object. func NewStateTransition(evm vm.VMInterface, msg Message, gp *GasPool) *StateTransition { isParlia := evm.ChainConfig().Parlia != nil isBor := evm.ChainConfig().Bor != nil return &StateTransition{ gp: gp, evm: evm, msg: msg, gasPrice: msg.GasPrice(), gasFeeCap: msg.FeeCap(), tip: msg.Tip(), value: msg.Value(), data: msg.Data(), state: evm.IntraBlockState(), sharedBuyGas: uint256.NewInt(0), sharedBuyGasBalance: uint256.NewInt(0), isParlia: isParlia, isBor: isBor, } } // ApplyMessage computes the new state by applying the given message // against the old state within the environment. // // ApplyMessage returns the bytes returned by any EVM execution (if it took place), // the gas used (which includes gas refunds) and an error if it failed. An error always // indicates a core error meaning that the message would always fail for that particular // state and would never be accepted within a block. // `refunds` is false when it is not required to apply gas refunds // `gasBailout` is true when it is not required to fail transaction if the balance is not enough to pay gas. // for trace_call to replicate OE/Pariry behaviour func ApplyMessage(evm vm.VMInterface, msg Message, gp *GasPool, refunds bool, gasBailout bool) (*ExecutionResult, error) { return NewStateTransition(evm, msg, gp).TransitionDb(refunds, gasBailout) } // to returns the recipient of the message. func (st *StateTransition) to() common.Address { if st.msg == nil || st.msg.To() == nil /* contract creation */ { return common.Address{} } return *st.msg.To() } func (st *StateTransition) buyGas(gasBailout bool) error { mgval := st.sharedBuyGas mgval.SetUint64(st.msg.Gas()) mgval, overflow := mgval.MulOverflow(mgval, st.gasPrice) if overflow { return fmt.Errorf("%w: address %v", ErrInsufficientFunds, st.msg.From().Hex()) } balanceCheck := mgval if st.gasFeeCap != nil { balanceCheck = st.sharedBuyGasBalance.SetUint64(st.msg.Gas()) balanceCheck, overflow = balanceCheck.MulOverflow(balanceCheck, st.gasFeeCap) if overflow { return fmt.Errorf("%w: address %v", ErrInsufficientFunds, st.msg.From().Hex()) } balanceCheck, overflow = balanceCheck.AddOverflow(balanceCheck, st.value) if overflow { return fmt.Errorf("%w: address %v", ErrInsufficientFunds, st.msg.From().Hex()) } } if have, want := st.state.GetBalance(st.msg.From()), balanceCheck; have.Cmp(want) < 0 { if !gasBailout { return fmt.Errorf("%w: address %v have %v want %v", ErrInsufficientFunds, st.msg.From().Hex(), have, want) } } else { st.state.SubBalance(st.msg.From(), mgval) } if err := st.gp.SubGas(st.msg.Gas()); err != nil { if !gasBailout { return err } } st.gas += st.msg.Gas() st.initialGas = st.msg.Gas() return nil } // DESCRIBED: docs/programmers_guide/guide.md#nonce func (st *StateTransition) preCheck(gasBailout bool) error { // Make sure this transaction's nonce is correct. if st.msg.CheckNonce() { stNonce := st.state.GetNonce(st.msg.From()) if msgNonce := st.msg.Nonce(); stNonce < msgNonce { return fmt.Errorf("%w: address %v, tx: %d state: %d", ErrNonceTooHigh, st.msg.From().Hex(), msgNonce, stNonce) } else if stNonce > msgNonce { return fmt.Errorf("%w: address %v, tx: %d state: %d", ErrNonceTooLow, st.msg.From().Hex(), msgNonce, stNonce) } else if stNonce+1 < stNonce { return fmt.Errorf("%w: address %v, nonce: %d", ErrNonceMax, st.msg.From().Hex(), stNonce) } // Make sure the sender is an EOA (EIP-3607) if codeHash := st.state.GetCodeHash(st.msg.From()); codeHash != emptyCodeHash && codeHash != (common.Hash{}) { // common.Hash{} means that the sender is not in the state. // Historically there were transactions with 0 gas price and non-existing sender, // so we have to allow that. return fmt.Errorf("%w: address %v, codehash: %s", ErrSenderNoEOA, st.msg.From().Hex(), codeHash) } } // Make sure the transaction gasFeeCap is greater than the block's baseFee. if st.evm.ChainRules().IsLondon { // Skip the checks if gas fields are zero and baseFee was explicitly disabled (eth_call) if !st.evm.Config().NoBaseFee || !st.gasFeeCap.IsZero() || !st.tip.IsZero() { if l := st.gasFeeCap.BitLen(); l > 256 { return fmt.Errorf("%w: address %v, gasFeeCap bit length: %d", ErrFeeCapVeryHigh, st.msg.From().Hex(), l) } if l := st.tip.BitLen(); l > 256 { return fmt.Errorf("%w: address %v, tip bit length: %d", ErrTipVeryHigh, st.msg.From().Hex(), l) } if st.gasFeeCap.Cmp(st.tip) < 0 { return fmt.Errorf("%w: address %v, tip: %s, gasFeeCap: %s", ErrTipAboveFeeCap, st.msg.From().Hex(), st.gasFeeCap, st.tip) } if st.gasFeeCap.Cmp(st.evm.Context().BaseFee) < 0 { return fmt.Errorf("%w: address %v, gasFeeCap: %d baseFee: %d", ErrFeeCapTooLow, st.msg.From().Hex(), st.gasFeeCap.Uint64(), st.evm.Context().BaseFee.Uint64()) } } } return st.buyGas(gasBailout) } // TransitionDb will transition the state by applying the current message and // returning the evm execution result with following fields. // // - used gas: // total gas used (including gas being refunded) // - returndata: // the returned data from evm // - concrete execution error: // various **EVM** error which aborts the execution, // e.g. ErrOutOfGas, ErrExecutionReverted // // However if any consensus issue encountered, return the error directly with // nil evm execution result. func (st *StateTransition) TransitionDb(refunds bool, gasBailout bool) (*ExecutionResult, error) { var input1 *uint256.Int var input2 *uint256.Int if st.isBor { input1 = st.state.GetBalance(st.msg.From()).Clone() input2 = st.state.GetBalance(st.evm.Context().Coinbase).Clone() } // First check this message satisfies all consensus rules before // applying the message. The rules include these clauses // // 1. the nonce of the message caller is correct // 2. caller has enough balance to cover transaction fee(gaslimit * gasprice) // 3. the amount of gas required is available in the block // 4. the purchased gas is enough to cover intrinsic usage // 5. there is no overflow when calculating intrinsic gas // 6. caller has enough balance to cover asset transfer for **topmost** call // BSC always gave gas bailout due to system transactions that set 2^256/2 gas limit and // for Parlia consensus this flag should be always be set if st.isParlia { gasBailout = true } // Check clauses 1-3 and 6, buy gas if everything is correct if err := st.preCheck(gasBailout); err != nil { return nil, err } msg := st.msg sender := vm.AccountRef(msg.From()) homestead := st.evm.ChainRules().IsHomestead istanbul := st.evm.ChainRules().IsIstanbul london := st.evm.ChainRules().IsLondon contractCreation := msg.To() == nil // Check clauses 4-5, subtract intrinsic gas if everything is correct gas, err := IntrinsicGas(st.data, st.msg.AccessList(), contractCreation, homestead, istanbul) if err != nil { return nil, err } if st.gas < gas { return nil, fmt.Errorf("%w: have %d, want %d", ErrIntrinsicGas, st.gas, gas) } st.gas -= gas var bailout bool // Gas bailout (for trace_call) should only be applied if there is not sufficient balance to perform value transfer if gasBailout { if !msg.Value().IsZero() && !st.evm.Context().CanTransfer(st.state, msg.From(), msg.Value()) { bailout = true } } // Set up the initial access list. if st.evm.ChainRules().IsBerlin { st.state.PrepareAccessList(msg.From(), msg.To(), vm.ActivePrecompiles(st.evm.ChainRules()), msg.AccessList()) } var ( ret []byte vmerr error // vm errors do not effect consensus and are therefore not assigned to err ) if contractCreation { // The reason why we don't increment nonce here is that we need the original // nonce to calculate the address of the contract that is being created // It does get incremented inside the `Create` call, after the computation // of the contract's address, but before the execution of the code. ret, _, st.gas, vmerr = st.evm.Create(sender, st.data, st.gas, st.value) } else { // Increment the nonce for the next transaction st.state.SetNonce(msg.From(), st.state.GetNonce(sender.Address())+1) ret, st.gas, vmerr = st.evm.Call(sender, st.to(), st.data, st.gas, st.value, bailout) } if refunds { if london { // After EIP-3529: refunds are capped to gasUsed / 5 st.refundGas(params.RefundQuotientEIP3529) } else { // Before EIP-3529: refunds were capped to gasUsed / 2 st.refundGas(params.RefundQuotient) } } effectiveTip := st.gasPrice if london { effectiveTip = cmath.Min256(st.tip, new(uint256.Int).Sub(st.gasFeeCap, st.evm.Context().BaseFee)) } amount := new(uint256.Int).SetUint64(st.gasUsed()) amount.Mul(amount, effectiveTip) // gasUsed * effectiveTip = how much goes to the block producer (miner, validator) if st.isParlia { st.state.AddBalance(consensus.SystemAddress, amount) } else { st.state.AddBalance(st.evm.Context().Coinbase, amount) } if st.isBor { if london { burntContractAddress := common.HexToAddress(st.evm.ChainConfig().Bor.CalculateBurntContract(st.evm.Context().BlockNumber)) burnAmount := new(uint256.Int).Mul(new(uint256.Int).SetUint64(st.gasUsed()), st.evm.Context().BaseFee) st.state.AddBalance(burntContractAddress, burnAmount) } // Deprecating transfer log and will be removed in future fork. PLEASE DO NOT USE this transfer log going forward. Parameters won't get updated as expected going forward with EIP1559 // add transfer log output1 := input1.Clone() output2 := input2.Clone() AddFeeTransferLog( st.state, msg.From(), st.evm.Context().Coinbase, amount, input1, input2, output1.Sub(output1, amount), output2.Add(output2, amount), ) } return &ExecutionResult{ UsedGas: st.gasUsed(), Err: vmerr, ReturnData: ret, }, nil } func (st *StateTransition) refundGas(refundQuotient uint64) { // Apply refund counter, capped to half of the used gas. refund := st.gasUsed() / refundQuotient if refund > st.state.GetRefund() { refund = st.state.GetRefund() } st.gas += refund // Return ETH for remaining gas, exchanged at the original rate. remaining := new(uint256.Int).Mul(new(uint256.Int).SetUint64(st.gas), st.gasPrice) st.state.AddBalance(st.msg.From(), remaining) // Also return remaining gas to the block gas counter so it is // available for the next transaction. st.gp.AddGas(st.gas) } // gasUsed returns the amount of gas used up by the state transition. func (st *StateTransition) gasUsed() uint64 { return st.initialGas - st.gas }