OpenEthereum client "Berlin" upgrade error

Alex Stokes @ralexstokes:

As you may have heard, a bug in the @OpenEthereum client caused some critical services underpinning the Ethereum network to go down.

Let's ponder the deal that caused the accident.

First of all, I would like to thank all the engineers who quickly responded to the incident and solved the problem:

https://twitter.com/OpenEthereumOrg/status/1382719444833726470?s=20…

Also, I didn't keep track of all the details myself, the important facts below are brought up by user eb on the Eth R&D discord server.

Let's start with the transaction that triggered the error:

https://etherscan.io/tx/0x7006f38fa2e6654fae1a781aefc5885fe0cb8f778b1add10636eaf7e34279247

A comic shared by Musk has been minted as an NFT and put on the OpenSea auction: According to news on April 30, according to Bloomberg News, a comic shared by Tesla CEO Elon Musk on social media has been minted as an NFT and put on sale. List OpenSea Auction. It is reported that the author of this comic is Colin Wright, the editor-in-chief of the online cultural review website Quillette. He also confirmed the news on social media and said that the current bidding price of the comic NFT is 1.25ETH, which is about 3600 US dollars, and the auction end date is May. 13th. [2022/4/30 2:42:09]

This is a contract call transaction, sent from the KuCoin exchange, that distributes ETH to many addresses. The ABI encoding of the call data for this transaction was wrong, which eventually led to a chain split. You can take a look at the "Input Data" of this transaction on Etherscan.

When calling sendEths in the contract, you need to provide two parameters: one is a variable-length array (dynamically sized array) about the target address; the other is a variable-length array about the transfer amount (in wei); only when the two match Which address to transfer how much money to.

Dubai real estate developer Damac Properties accepts BTC, ETH payments: April 27, Watcher.Guru said that Dubai real estate developer Damac Properties now accepts #Bitcoin and #Ethereum as payment methods. [2022/4/28 2:35:08]

We can parse the call data to see what went wrong: the first line (marked "" on Etherscan) indicates that the address list starts at byte 64 (line ""). The second line indicates that the list of transfer amounts starts at byte 416 (line "").

So, in general, we want to send a certain amount of ETH to an address in pairs, top down, to an address-seems straightforward.

However, when we start traversing the list, we first jump to the correct byte of call data, and the Solidity ABI states that the first word of data is the length of the entire indeterminate array.

The trading volume of the NFT project Azuki ranked first in OpenSea in the past 7 days: On January 26, OpenSea data showed that the trading volume of the NFT project Azuki in the past 7 days reached 34999.41 ETH, ranking first; the 24-hour trading volume reached 8691.04 ETH, ranking second. The current floor price is 6.5 ETH. [2022/1/26 9:14:04]

This is the source of the final bug: because the value in call dada is "0x10" (note, this is hexadecimal!), but call data only gives 10 address-value pairs. The correct ABI encoding for this call data (filled in line and line ) should be "0xA" -- not "0x10"!

You may have guessed what happens then, we can take a look at the execution trace:

https://etherscan.io/vmtrace?txhash=0x7006f38fa2e6654fae1a781aefc5885fe0cb8f778b1add10636eaf7e34279247&type=parity

The number of OpenSea (Polygon) transaction addresses exceeded 800,000, a record high: Jinse Finance reported that according to Dune Analytics data, the number of OpenSea (Polygon) transaction addresses exceeded 800,000, a record high. [2021/12/31 8:15:46]

The contract successfully traversed the first 10 addresses. Originally, the contract should stop executing at this time, but according to the statement of call data, there are still many addresses! Then go ahead and execute it.

However, according to the structure of the call data, the "11th address" is 0x10 for encoding the length of the list, so the contract tries to send 0 ETH to the address 0x10.

Also, it seems that when the contract tries to read call data that doesn't exist, it returns 0 ETH - you can imagine that the contract made a mistake here, but it continues to send 0 ETH to the call data it reads The other 6 "addresses" taken.

The ZT peripheral auction will start on Opengaga on August 13: According to the announcement on the official website, the ZT peripheral auction will be held on the NFT trading platform on Zenith Smart Chain on August 13, 2021. At that time, ZT figures and ZT 3rd anniversary T-shirts Black and white models, ZT laser bags, ZT treasures, ZT commemorative backpacks and ZT 3rd anniversary cards are auctioned at Opengaga. [2021/8/12 1:51:12]

At this point, you may notice that 0x10 may be one of our so-called "special addresses", which is completely within the scope of the EVM pre-compiled contract (the so-called "pre-compiled contract" is a special type of contract, in the EVM There are optimal implementations out there, but compiles like most contracts).

And we don't expect the precompiled contract 0x10 to return ETH. In this way, it becomes an ETH black hole. However, this doesn't necessarily cause any problems. What exactly caused the entire client to crash?

The reason is that 0x10 is actually a precompiled contract asserted by EIP-2537 for the BLS pairing cryptography program, but this EIP has not yet been deployed to mainnet. So although you can interact with this address, there is no contract in this address on the mainnet, and there will be no further actions.

In addition, we need a fact to explain this split, which, as you may have guessed, is the "Berlin" hard fork (it was this hard fork that brought this issue to the surface): it changed the gas consumption in the EVM Quantitative measurement method.

After the implementation of EIP-2929, if you perform state storage operations on the same storage slot multiple times in a transaction, the first execution will consume more Gas, and subsequent executions will consume less gas. This repricing would theoretically more accurately reflect the current cost of client access to storage items…

Also, be aware that in all client-side executions, this data is usually stored in a cheaper hardware layer.

Now we have finally found the OpenEthereum bug at block #12244294: the client includes all implemented precompiles as part of the EIP-2929 access manifest. (Translator's Note: Here it should be "EIP-2930")

Since EIP-2537 is already implemented in most clients (and at one point it was proposed to be included in the "Berlin" upgrade!), OpenEthereum gives a gas discount to all transactions that access 0x10.

But the vast majority of active-zce clients on the network do not implement EIP-2929 in this way, they only provide gas discounts for transactions that access activated precompiled contracts — and EIP-2537 belongs to precompiled contracts that have not been activated yet! Therefore, the OpenEthereum client's calculation of how much Gas was consumed by the transaction diverged from other clients in the network.

Fortunately, @mhswende quickly found the bug, and @sorpaas helped fix it: https://github.com/openethereum/openethereum/pull/364

There's still a lot to be said, and I'm expecting a better time report from someone with a better view than I.

All I can say is that this bug highlights the risks inherent in hard forks and the importance of continuing to work on building a more resilient infrastructure.

Single-client systems that rely on the OpenEthereum client were down for a while today as the client was unable to keep up with the network after the problematic block. Etherscan itself was down as a result.

Thankfully, the bug wasn't serious enough to cause a major chain fork, but the possibility isn't out of the question. We can leverage multi-client implementations to increase resistance - multi-client itself is a great strength of our Ethereum ecosystem - and push your infrastructure providers to do the same.

We've seen adoption in 2021 be faster than ever and the outlook is very bright. We need to learn from this accident and build a better Ethereum together.

Tags：

TRX