# Control-Flow-Aligned Code Hashing ## Write-up The instruction sequence ``PUSHi X JUMP[i]``, where ``X`` is larger than the PC of the push instruction is called a *static forward jump*. We subdivide the code into largest blocks that start at a JUMPDEST (or PC 0) and end at a terminating instruction or an unconditional jump. We call these blocks *basic blocks*. We call the PC of the first instruction of a basic block the *starting PC* of the basic block. The basic block with starting PC 0 is called the *initial block*. Create a directed (acyclic but not necesarily connected) graph ``G`` where there is one node per basic block and there is an arc from basic block ``A`` to basic block ``B`` if and only if ``A`` contains a static forward jump to a PC inside ``B``. > Will it be one graph? if not, do we need to store the "initial block" for every graph in the account? [name=s] To each node in the graph we associate the hash of the following data: - the starting PC of the basic block - the hashes of the nodes this node has an arc to - the code of the node We subdivide the code of each account into chunks of a certain fixed size, add the hashes of all nodes of the aforementioned graph whose starting PC is inside the chunk and create a binary Merkle tree ``M`` of this structure. The root of this Merkle tree and the hash of the initial block is stored with each account. > Curious why fixed sized chunks in `M`? [name=s] A transaction executing code needs to supply the code of the basic blocks that were executed, their starting PC and the hashes of all nodes of ``G`` that are not executed but have an arc from a node that is executed. In order to avoid fake proofs, we need to anchor each of the basic blocks either to the basic block with starting PC 0 or to ``M``. The provided basic blocks are a sub-graph ``G'`` of ``G``. We add an additional node to ``G'`` representing ``M``. Now we try to find a (minimal) set of new edges to add from ``M`` such that each node is reachable from ``M`` or from the initial block. For each such edge, we provide a Merkle proof in ``M`` for the basic block the edge goes to. > Can you clarify the part where you add a node to `G'` to represent `M`? [name=s] Note that we need to add at most one Merkle proof for each jump in the execution that is not a static forward jump. It is not possible to provide invalid code because of the hash structure of ``G`` and ``M``. ## Message [...] we came up with an alternative that might be much cheaper but is admittedly a bit more complicated. The idea is that "merkle" proofs follow execution order instead of code offset. More details: The account also contains the root of a second hash tree that is created following all static jumps across basic blocks starting from PC 0, ignoring back edges (each tree node corresponds to such a basic block and its hash is created from its code, its starting PC and the hashes of the target blocks of static jumps). This new structure is actually a forest (it needs to be computed not just starting from PC 0, but there are multiple disconnected components) and needs to be linked from a full binary/merkle tree of the code. Proofs of execution now work as follows: the code of all executed code is included as well as the hashes (in this new structure) of all static jumps that are not taken. For each dynamic jump, we use a proof in the traditional binary/merkle tree of all code/all basic blocks. Since this tree links back into the new structure, we can go back to the more efficient proofs directly after the jump. The proof size in addition to the actually executed code should be: one hash per static jump not taken plus a full binary merkle proof per dynamic jump. Note that if we disallow dynamic jumps completely, the execution will need its own binary search for each function. Actually the generation of the hash tree in my proposal above can be simplified: instead of a complicated graph search, just hash all static jumps to a pc larger than the current and treat all other static jumps as dynamic jumps
Last changed by  
Sina Mahmoodi
123

Read more

7002 withdrawal schedule

Adding a withdrawal requests to the queue costs 74160 gas per call, which means you can add ~480 withdrawals per block. Within two blocks, the fee to add more withdrawals to the queue will take roughly 2.6 million ETH in the next block. The amount of ETH needed to add another withdrawal will go down over the next blocks, but the curve of the increase is extremely steep. You can kinda think of it as if the 12.5% increase per block of 1559 is only applied every 480 blocks. So whenever this increase applied, the fee not only goes up by 12.5% but by (12.5%)^480, thus the fee increases quite suddenly. The fee will slowly go down on every block, but it will take 126 blocks until the fee is below 1 ETH to add a withdrawal to the queue. This means that an attacker can grief staking pools quite easily. NUMBERS

3/4/2025
Onchain day 6

Kurtosis challenge To run Kurtosis, you will need Docker. Check out the installation docs for Docker. Then see how to install Kurtosis. This is the configuration we will be using for our private network. It will include 3 nodes. 2 Geth<->Lighthouse pairs and one Geth<->Teku pair. It will additionally run dora the blockchain explorer. Save the following to a file basic.yaml. participants: - el_type: geth cl_type: lighthouse

2/13/2025
Writing a testcase for graphql

I'm adding a testcase for EIP-4844 which will be shipped in the Cancun hardfork. The graphql schema will change to include the additional fields in the block and transaction data structures. Refer to https://github.com/ethereum/execution-apis/pull/468 for the schema changes. The graphql simulator https://github.com/ethereum/hive/tree/master/simulators/ethereum/graphql comes with a chain. However this chain does not include 4844 blocks. So we need to update the chain and add new blocks + txes. For that we use https://github.com/s1na/graphqltestgen. graphqltestgen This tool is used to extend an existing chain which at first consisted of only frontier blocks and later extended with post-merge blocks. The benefit here is we can test the response at fork boundaries too. It takes in a genesis configuration assumed to be at ./genesis.json and the RLP-serialized list of blocks at ./chain.rlp. Note: you need to modify the code to implement the kind of block you want to add. The new chain will be written to ./newchain.rlp. Note since the merge forks happen after a given timestamp. Since the new block should be Cancun, the genesis file must be modified with a value for "cancunTime". To calculate the value, we need to know the timestamp of the last block. This is because the chain generator will automatically assign parentBlock + 10 as the timestamp of any new block. So I print the current header with go run main.go head to find out the latest timestamp.

10/3/2023
state

tracer hooks OnBalanceChange(addr common.Address, prev, new *big.Int, reason BalanceChangeReason) OnNonceChange(addr common.Address, prev, new uint64) OnCodeChange(addr common.Address, prevCodeHash common.Hash, prevCode []byte, codeHash common.Hash, code []byte) OnStorageChange(addr common.Address, slot common.Hash, prev, new common.Hash) OnLog(log *types.Log) OnNewAccount(addr common.Address) blockchain

8/8/2023
Read more from Sina Mahmoodi
Published on HackMD