EVM STATICCALL opcodeA 2 minute read, Posted by CodeChain Team on Sun, Oct 22, 2017
The Byzantium hardfork added a new opcode called
STATICCALL to EVM. In this post, we will take a look at this new opcode and explain in detail the problem it addresses to solve.
What is it?
STATICCALL is a new variant of
CALL that permits only non-state-changing calls to other contracts (including itself). Any opcode that performs modifications to the state results in an exception instead of performing the modification. It is specified in EIP214 and is included in the Byzantium HF upgrade.
State change operations include:
- CREATE, CREATE2
- LOG0, LOG1, LOG2, LOG3, LOG4
- CALL with a non-zero value
CALLCODE is not included in the list even when the value is non-zero.
What problem it addresses to solve
What’s the essence of smart contracts? They are basically a state transition function which results in a new state given the current state and arguments. To write smart contracts securely, you need to control when the state can be modified.
STATICCALL allows you to call a function while disallowing any state change operation. If a contract depends only on reading data from another contract, you can safely assume that a conflicting state change won’t be triggered. It means a subset of reentrancy vulnerabilities is prevented.
How it is related to Solidity
Solidity already has the so-called
view state modifiers.
- pure: functions that do not read or modify the state of the blockchain
- view: functions that can read, but never modify the state of the blockchain
At first it may look as if
STATICCALL had a strong relationship with
view state modifier because both allow only read and disallow modifications to the state. However, Solidity does not compile invocations of functions with
view state modifier to
STATICALL. Currently, both
pure modifiers are enforced only in the compile time and erased once they are compiled to EVM bytecodes. However, it could be possible that future versions of the Solidity compiler use
STATICCALL to enhance the security of Solidity programs.