Merge Transfer and TransferWithGas gadget

[ChihChengLiang]

Description

• Transfer and TransferWithGas gadgets are mostly the same. We can merge them and duplicate them.
• There are duplicated logics for creating the receiver account (writing empty hash). We remove the duplicated one.
• The update balance gadget is vague, it is hard to understand whether we want to add or subtract balance. We extract a helpful method for that.
• deduplicate the transfer_to logic in busmapping.
• Fix the receiver creation condition on busmapping.
• Fix the order of the sender account read-write in begin tx assignment.

Thank @curryrasul for initializing this conversation.

Issue Link

Type of change

Refactor (no updates to logic)

Content

Test

cargo test -p zkevm-circuits create
cargo test -p zkevm-circuits begin_tx
cargo test -p zkevm-circuits end_tx 

[ChihChengLiang]

This condition slips through the old PR that fixes all creation conditions.
https://github.com/privacy-scaling-explorations/zkevm-circuits/pull/1079/files/c0e6909d5135aa74e3ce415879d993a34050a823#r1336618956

[ChihChengLiang]

We have to think carefully about this condition. I would love input from reviewers.

• What is receiver_exists?
  • We can check if code_hash is 0. It is an artificial rule we added before.
  • Nonce is 0. Should we add this? address_collision in create has this check.
• opcode_is_create
  • originally called must_create. I think this covers 3 cases:
  • EOA transfer to create an account. Can we call this situtation "opcode_is_create"?
  • Create receiver with CREATE opcode
  • Create receiver with CREATE2 opcode

[KimiWu123]

From geth impl., an account which doesn't exist will be created only when transfer value is non-zero.

But, no matter this account exsists or not, it'll be created again in CREATE/2 opcode. You can see createAccount is called in create and then will find this

// createObject creates a new state object. If there is an existing account with
// the given address, it is overwritten and returned as the second return value.

in createObject

The conclusion is the original condition is correct. In your fix, the account won't be re-created if the receiver exists.

[KimiWu123]

For the naming of opcode_is_create. I would vote is_create_account or force_create_account as you mentioned "EOA transfer to create an account", it doesn't fix the name.

[ChihChengLiang]

an account which doesn't exist will be created only when transfer value is non-zero.

I think this is correct and it matches our behavior.

no matter this account exists or not, it'll be created again in CREATE/2 opcode.

This is incorrect. Three lines above your quoted createAccount locates a nonzero nonce and non-empty hash check that early exits the function and returns an ErrContractAddressCollision error.

The EIP-1014: Skinny CREATE2 also states "if nonce or code (of the create2 destination address) is nonzero, then the create-operation fails."

So for this PR, the conclusion is that a CREATEX opcode does not guarantee an overwrite of an account.

---

But you might wonder, why the create opcode only checks non empty code hash and non zero nonce. What about storage root and balance? Can we have an account that has code="" and nonce=0, but storage root !=0 or balance !=0? The tl;dr is we can't, for non-trivial reason.

I fell into a rabbit hole of a historical study and how the EIP was defined. Fortunately, Gary wrote the best summary of this issue. See ethereum/go-ethereum#28666.

[KimiWu123]

Sorry for the confusion. Maybe we could put the link ethereum/go-ethereum#28666 in our comment.

[ChihChengLiang]

I added to the comment in the constraint part, which might be the place people will check more frequently 77cfbcb.

[hero78119]

EOA transfer to create an account. Can we call this situtation "opcode_is_create"?

My opinion for opcode_is_create to represents create an account with tx.to = null is a bit confusing. How about just name it is_create to align with other place e.g. call.is_create?

[ChihChengLiang]

Sorry I missed the renaming part before. I fixed the renaming here 7449289

[KimiWu123]

Not finished the review yet, but seems some changes needed and the light testing is falied.

[ChihChengLiang]

Fixing the read-write inconsistency. I'll this back to draft

[ChihChengLiang]

I collected all the reads and writes from assignment functions everywhere back to the transfer gadget. I hope this reduces the code complexity.

[ChihChengLiang]

We have to think carefully about this condition. I would love input from reviewers.

• What is receiver_exists?
  • We can check if code_hash is 0. It is an artificial rule we added before.
  • Nonce is 0. Should we add this? address_collision in create has this check.
• opcode_is_create
  • originally called must_create. I think this covers 3 cases:
  • EOA transfer to create an account. Can we call this situtation "opcode_is_create"?
  • Create receiver with CREATE opcode
  • Create receiver with CREATE2 opcode

[KimiWu123]

Not finished yet, but would like to discuss the callee existence earlier.

[ChihChengLiang]

Replied some comments that I have quick answers

[KimiWu123]

LGTM. It looks nice and clean now. Great work! The remaining thing is this dicussion thread

[ChihChengLiang]

Hi @KimiWu123, I replied to the feedback to the receiver creation check.

[ChihChengLiang]

an account which doesn't exist will be created only when transfer value is non-zero.

I think this is correct and it matches our behavior.

no matter this account exists or not, it'll be created again in CREATE/2 opcode.

This is incorrect. Three lines above your quoted createAccount locates a nonzero nonce and non-empty hash check that early exits the function and returns an ErrContractAddressCollision error.

The EIP-1014: Skinny CREATE2 also states "if nonce or code (of the create2 destination address) is nonzero, then the create-operation fails."

So for this PR, the conclusion is that a CREATEX opcode does not guarantee an overwrite of an account.

---

But you might wonder, why the create opcode only checks non empty code hash and non zero nonce. What about storage root and balance? Can we have an account that has code="" and nonce=0, but storage root !=0 or balance !=0? The tl;dr is we can't, for non-trivial reason.

I fell into a rabbit hole of a historical study and how the EIP was defined. Fortunately, Gary wrote the best summary of this issue. See ethereum/go-ethereum#28666.

[hero78119]

Thanks for the code cleanup!
LGTM with few nitpicks

[hero78119]

EOA transfer to create an account. Can we call this situtation "opcode_is_create"?

My opinion for opcode_is_create to represents create an account with tx.to = null is a bit confusing. How about just name it is_create to align with other place e.g. call.is_create?

[hero78119]

👍 👍