EVM STATICCALL opcode
The Byzantium hardfork added a new opcode called STATICCALL to EVM. In this post, we will take a look at this new opcode and explain in detail the problem it addresses to solve.
What is it?
STATICCALL is a new variant of CALL that permits only non-state-changing calls to other contracts (including itself). Any opcode that performs modifications to the state results in an exception instead of performing the modification. It is specified in EIP214 and is included in the Byzantium HF upgrade.
State change operations include:
- CREATE, CREATE2
- LOG0, LOG1, LOG2, LOG3, LOG4
- SSTORE
- SELFDESTRUCT
- CALL with a non-zero value
Note that CALLCODE is not included in the list even when the value is non-zero.
What problem it addresses to solve
What’s the essence of smart contracts? They are basically a state transition function which results in a new state given the current state and arguments. To write smart contracts securely, you need to control when the state can be modified.
STATICCALL allows you to call a function while disallowing any state change operation. If a contract depends only on reading data from another contract, you can safely assume that a conflicting state change won’t be triggered. It means a subset of reentrancy vulnerabilities is prevented.
How it is related to Solidity
Solidity already has the so-calledpure and view state modifiers.
- pure: functions that do not read or modify the state of the blockchain
- view: functions that can read, but never modify the state of the blockchain
At first it may look as if STATICCALL had a strong relationship with view state modifier because both allow only read and disallow modifications to the state. However, Solidity does not compile invocations of functions with view state modifier to STATICALL. Currently, both view and pure modifiers are enforced only in the compile time and erased once they are compiled to EVM bytecodes. However, it could be possible that future versions of the Solidity compiler use STATICCALL to enhance the security of Solidity programs.
This post was written in Oct 22, 2017.
