@0xRVE 0xRVE commented Sep 11, 2025

No description provided.

@0xRVE 0xRVE linked an issue Sep 11, 2025 that may be closed by this pull request

0xRVE commented Sep 11, 2025

/cmd prdoc --audience runtime_dev --bump patch

@0xRVE 0xRVE added the T7-smart_contracts This PR/Issue is related to smart contracts. label Sep 11, 2025
@0xRVE 0xRVE requested review from xermicus, athei and pgherveou and removed request for xermicus and athei September 11, 2025 19:46
@0xRVE 0xRVE changed the title from "added check to make sure a contract account cannot transfer funds as an EOA account" to "EIP-3607 added check to make sure a contract account cannot transfer funds as an EOA account" Sep 11, 2025
@@ -1527,6 +1527,22 @@ where
Ok(())
}

// Only reject if the account actually has deployed contract code (non-empty code hash).
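Review bot: The comment on the last visible line gives the condition (non-empty code hash) but not the reason for it. Name EIP-3607 in that comment so the rule being enforced can be found from the code.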

@pgherveou pgherveou Sep 12, 2025

EIP-3607: Reject transactions from senders with deployed code
Do not allow transactions for which tx.sender has any code deployed

We need to deny all pallet::call to be dispatched by a contract.
Easiest is probably to replace

let origin = ensure_signed(origin)?;

by a wrapper function that also checks it's not a contract

@0xRVE 0xRVE Sep 12, 2025

Should this additional check go in every extrinsic?

	#[pallet::call]
	impl<T: Config> Pallet<T>

Only in the call extrinsic?
In all extrinsics that currently have ensure_signed?

EDIT
Replace all ensure_signed calls with the new wrapper check?
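
The wrapper discussed in the review thread above, as a stand-alone Rust model. It is an added example, not code from the PR or from pallet-revive: `Origin`, `DispatchError`, `Accounts`, `sample_accounts` and `ensure_signed_non_contract` are hypothetical stand-ins for the FRAME types, and the account data is constructed.

```rust
use std::collections::HashMap;

/// Simplified stand-in for a runtime origin (hypothetical, not the FRAME type).
#[derive(Debug)]
pub enum Origin {
    Root,
    Signed(u64),
}

#[derive(Debug, PartialEq)]
pub enum DispatchError {
    BadOrigin,
    /// EIP-3607: the sender has code deployed.
    SenderIsContract,
}

/// Constructed account state: account id -> deployed code (missing or empty = no code).
pub type Accounts = HashMap<u64, Vec<u8>>;

/// Plain signed-origin check, modelled on what `ensure_signed` does.
pub fn ensure_signed(origin: Origin) -> Result<u64, DispatchError> {
    match origin {
        Origin::Signed(who) => Ok(who),
        Origin::Root => Err(DispatchError::BadOrigin),
    }
}

/// The wrapper: the origin is signed, and the signer has no deployed code.
pub fn ensure_signed_non_contract(origin: Origin, accounts: &Accounts) -> Result<u64, DispatchError> {
    let who = ensure_signed(origin)?;
    // Only reject when code is actually deployed; an empty entry counts as no code.
    match accounts.get(&who) {
        Some(code) if !code.is_empty() => Err(DispatchError::SenderIsContract),
        _ => Ok(who),
    }
}

/// Constructed sample state: 1 has no entry, 2 has code, 3 has an empty code entry.
pub fn sample_accounts() -> Accounts {
    HashMap::from([(2, vec![0x60, 0x00]), (3, vec![])])
}

fn main() {
    let accounts = sample_accounts();
    for origin in [Origin::Signed(1), Origin::Signed(2), Origin::Signed(3), Origin::Root] {
        let label = format!("{:?}", origin);
        println!("{} -> {:?}", label, ensure_signed_non_contract(origin, &accounts));
    }
}
```

Because the wrapper returns the same `Result<u64, DispatchError>` as the plain check, a call site in this model changes only the function name.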

@paritytech-workflow-stopper

All GitHub workflows were cancelled due to the failure of one of the required jobs.
Failed workflow url: https://github.com/paritytech/polkadot-sdk/actions/runs/17676690821
Failed job name: test-linux-stable-int

/// Ensure the origin has no code deplyoyed if it is a signed origin.
fn ensure_non_contract_if_signed(origin: &OriginFor<T>) -> Result<(), DispatchError> {
use crate::exec::EMPTY_CODE_HASH;
if let Ok(who) = ensure_signed(origin.clone()) {
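Review bot: The doc comment on the first line misspells "deployed" as "deplyoyed". The function-local `use crate::exec::EMPTY_CODE_HASH;` would also read better alongside the module's other imports, unless it is deliberately scoped to this function.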
Contributor

nit use ?

use crate::exec::EMPTY_CODE_HASH;
if let Ok(who) = ensure_signed(origin.clone()) {
let addr = <T::AddressMapper as AddressMapper<T>>::to_address(&who);
if let Some(contract) = AccountInfo::<T>::load_contract(&addr) {
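Review bot: `if let Ok(who) = ensure_signed(origin.clone())` discards the error, so the body runs only for signed origins and nothing in the code says whether letting the others through is intended. Add a comment stating that non-signed origins pass on purpose, and consider an early return for that case so the `load_contract` lookup is not nested two levels deep.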
Contributor

we just need to check load_contract(...).is_none() ?

@@ -1193,6 +1213,15 @@ where
storage_deposit_limit: DepositLimit<BalanceOf<T>>,
data: Vec<u8>,
) -> ContractResult<ExecReturnValue, BalanceOf<T>> {
if let Err(contract_result) =
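Review bot: The `if let Err(contract_result) =` guard opens the function body with no comment. State there that it enforces EIP-3607, so a reader can tell why an error result can come back from the very top of a function that returns `ContractResult<ExecReturnValue, BalanceOf<T>>`.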
Contributor

I think we want that in bare_instantiate as well

maybe refactor ensure_non_contract_if_signed so it returns a Result<(), ContractResult>, so we don't have to repeat the mapping twice

Successfully merging this pull request may close these issues.

[pallet-revive] EVM backend: EIP-3607