You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/eth/addresses.md
+61-2Lines changed: 61 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -29,7 +29,7 @@ The identification of an appearance solves a discovery problem. Once an importan
29
29
for a particular address have been found, an analysis of what the appearance means can be performed,
30
30
although this is beyond the scope of this specification.
31
31
32
-
## Specification
32
+
## Terminology
33
33
34
34
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 and RFC 8174.
35
35
@@ -284,4 +284,63 @@ It can be seen in the example below (a subset of the response from the above cal
284
284
"type": "CALL"
285
285
}
286
286
}
287
-
```
287
+
```
288
+
289
+
## Security Considerations
290
+
291
+
The EVM allows for use of data that has the same structure as a 20 byte address.
292
+
The algorithm used to find address appearances ideally minimises missing appearances
293
+
(false negatives) and so may include false positives.
294
+
295
+
### False positives: Appearances returned for addresses that do not exist
296
+
297
+
Some non-address data with a particular encoding may be used and be misclassified
298
+
as an address. For example, calldata for a specific application that is not
299
+
encoding for an address.
300
+
301
+
False positives can lead to a larger response size, and wasted effort if performing
302
+
semantic analysis of transactions for addresses found.
303
+
304
+
### False negatives: Vanity address
305
+
306
+
An address may be found with more zeros than the specification allows. This
307
+
process involves generating private keys and checking the associated address.
308
+
309
+
The presence of such a "vanity address" will not be detected by algorithms
310
+
conforming to this specification. This design tradeoff allows fewer false positives.
311
+
312
+
### False negatives: Address composition
313
+
314
+
A contract may manipulate separate bytes to construct an address and then use this
315
+
for an opcode that does not get detected by the algorithm, such as BALANCE.
316
+
317
+
This will be missed by the algorithm, which constitutes an appearance of the address
318
+
(its balance was checked) that will be absent in semantic analysis. This impact is
319
+
limited a the subset of opcodes (BALANCE, EXTCODESIZE, ...) and any analysis should take
320
+
this into account.
321
+
322
+
### Multiple appearances
323
+
324
+
An address may appear multiple times within a block, as any combination of intra-transaction
325
+
and extra-transaction appearances. The method response includes transaction indices
326
+
for all intra-transaction indices. It is the responsibility of the caller to check
327
+
if the block also containes extra-transaction appearances when a transaction index is returned.
328
+
329
+
For example, a user may receive a withdrawal and perform a transaction in the same block.
330
+
331
+
### Precompiles
332
+
333
+
Existing precompiles are located at addresses `0x01` to `0x09`. They do
334
+
not meet definitional criteria and SHOULD NOT be included.
335
+
336
+
Future precompiles may be deployed at addresses that meet criteria however, SHOULD NOT be included
337
+
as addresses.
338
+
339
+
### Node size
340
+
341
+
The `eth_getAddressesInBlock` endpoint is designed to allow the node to compute the result
342
+
on-the-fly and does not imply an increase in the database requirement for the node.
343
+
344
+
## Copyright
345
+
346
+
Copyright and related rights waived via [CC0](../LICENSE.md).
0 commit comments