Initdata in Authorisation List for EIP 7702

--- title: Initdata in Authorisation List for EIP 7702 --- # Initdata in Authorisation List for EIP 7702 ## TLDR This improvement suggests extending the ```authorization_list``` field in EIP-7702 to include an optional initdata parameter. The updated format becomes: ``` authorization_list = [[chain_id, address, nonce, initdata, y_parity, r, s], ...] ``` The ```initdata``` parameter allows for atomic initialization of the smart contract code immediately after it is set in the EOA. By integrating initialization directly into the authorization transaction, the proposal simplifies workflows, reduces transaction overhead, and enhances security. With the proposal, the EOA has the option to choose to execute the code immediately with the optional initdata, or initialise at any later time by omitting (the exact implementation is up to discussion) this initdata. ## Context ### Motivation Currently, EIP-7702 allows EOAs to delegate code to a designated contract but does not provide a mechanism at the protocol-level to initialize those codes within the same transaction. Adding this optional field does not impact the behavior of the current spec, but extends it with the following benefits: #### Atomicity: - Code delegation and initialization occur in the same transaction, ensuring the EOA is never in an uninitialized state. - Reduces the risk of attacks exploiting uninitialized contracts with incomplete security checks. - Follow-up transaction to initialise is not needed. - Account can have the option to be initialised immediately after a 7702 transaction. #### Simplified User Experience: - Users sign a single ```authorization_list``` transaction instead of managing separate transactions for code delegation and initialization. #### Gas Efficiency: - Merges delegation and initialization into one transaction, reducing overall gas costs such as the need to check two signatures per authorisation. - Authorisation and initialisation are also done in a single 7702 transaction where gas sponsorship can be more easily managed. #### Improved Security: - Prevents adversaries from interacting with an EOA that has been delegated code but not yet initialized. - Security of the initialisation is done on protocol-level rather than on contract-level, which potentially leaves areas of vulnerability. ## Specification The authorization_list field can be updated as follows: ``` authorization_list = [[chain_id, address, nonce, initdata, y_parity, r, s], ...] ``` ```chain_id```, ```address```, ```nonce```, ```y_parity```, ```r```, and ```s``` retain their original definitions. ```initdata```: An optional calldata parameter for contract initialization. If provided, it is executed immediately after the code is set. ### Transaction Behavior After verifying and setting the delegation designator for an EOA: If initdata is present, the contract at address is called with initdata as its calldata, executing the initialization logic. The execution context is the EOA, ensuring that initialization happens atomically with delegation. ## Potential disadvantages We acknowledge that this proposal comes with certain drawbacks, particularly the increased implementation complexity for the protocol. Execution clients will need to support the use of initdata within the context of EIP-7702. The process of invoking initialization functions using initdata may require new mechanisms, which will demand extensive development and testing efforts. Additionally, this proposal does not completely relieve the responsibility on developers with regards to the safety of the initialisation functions. Nevertheless, this proposal provides significant security benefits to users who wish to take advantage of EIP-7702. ## Suggested Implementation This proposal involves protocol-level changes, and we can only suggest implementation changes. However, since we are not protocol developers, we hope to seek inputs regarding this suggestion. We could invoke a call to the address in the authorisation list with the authorisation initdata. This implies that a new way to call into contracts is present and extensive testing will be required. ![20241119-135723](https://hackmd.io/_uploads/Hy_CdoKf1g.png) ## Conclusion The benefits are listed in this document, and we recognise the potential drawbacks. > This gives EOAs a unique power to control when and what code executes in their account. With the inclusion of initdata, EOAs gain even greater flexibility and control by enabling code to be executed immediately, while still retaining the option to initialize at a later time if desired. This enhanced capability strengthens the utility of EIP-7702 as well as the user experience.