# Cancun EVM Opcode Planning A proposal to move some propsoed EIP opcodes around to make for a more coherent layout in Cancun and Prauge. ## Opcodes under active consideration This list includes opcodes propsed either for EOF or Cancun. The old opcode is the current EIP proposed opcode | Old Opcode | New Opcode | Name | Description | Immediate Arg | |:----------:|:----------:| -------------- | ----------------------------------------------- |:-------------:| | 0x49 | 0x49 | BLOBHASH | Returns hashes of blobs in the transaction | | | 0x4A | 0x4A | BEACON_ROOT | Exposes the Beacon Chain Root | | | 0xB3 | 0x5C | TLOAD | Transient data load | | | 0xB4 | 0x5D | TSTORE | Transient data store | | | 0xB7 | 0x5E | MCOPY | Memory copy | | | 0x5C | 0xE0 | RJUMP | relative jump | y | | 0x5D | 0xE1 | RJUMI | relative conditional jump | y | | 0x5E | 0xE2 | RJUMV | relative jump table | y | | 0xB0 | 0xE3 | CALLF | EOF Subroutine Call | y | | 0xB1 | 0xE4 | RETF | EOF Subroutine return | | | 0xB2 | 0xE5 | JUMPF | EOF Function Jump | y | | 0xB5 | 0xE6 | DUPN | Unlimited dup | y | | 0xB6 | 0xE7 | SWAPN | Unlimited swap | y | | 0xB8 | 0xE8 | DATALOAD | Loads data from EOF data section, via stack | | | 0xB9 | 0xE9 | DATALOADN | Loads data from EOF data section, via immediate | y | | 0xBA | 0xEA | DATASIZE | Size of the EOF data section | y | | 0xBB | 0xEB | DATACOPY | Bulk EOF data copy | y | | 0xF6 | 0xEC | CREATE3 | Create from EOF contained initcode | y | | 0xF8 | 0xED | RETURNCONTRACT | contract to be created, references EOF data | y | | 0xF9 | 0xF6 | PAY | transfers value from caller to target | | | 0xF7 | 0xF7 | CREATE4 | Create from transaction contained initcode | | | 0xF9 | 0xF8 | CALL2 | CALL without gas and output memory | | | 0xFB | 0xF9 | DELEGATECALL2 | DELEGATECALL without gas and output memory | | | 0xFC | 0xFB | STATICCALL2 | STATICCALL without gas and output memory | | Methodology * All Opcodes that require an immediate argument or that require EOF containers go into the 0xE block * Move TSORE and MCOPY into the Storage/Memory/Control Flow block * Pack opcodes to the earliest opcode in their block ## Opcode Blocks | Prefix | Available | Propsoed | Name | | ------ | ---------:| --------:| ------------------------------- | | 0x0 | 3 | | Aritmetic | | 0x1 | 2 | | Comparison / Bitwise | | 0x2 | 15 | | Cryptography | | 0x3 | 0 | | Environmental | | 0x4 | 7 | 2 | Block | | 0x5 | 3 | 3 | Storage / Memory / Control Flow | | 0x6 | 0 | | PUSHx | | 0x7 | 0 | | PUSHx | | 0x8 | 0 | | DUPx | | 0x9 | 0 | | SWAPx | | 0xA | 11 | | Log | | 0xB | 16 | | Unassigned | | 0xC | 16 | | Unassigned | | 0xD | 16 | | Unassigned | | 0xE | 16 | 14 | Unassigned | | 0xF | 6 | 5 | System | ## Existing Opcodes Current up to Shanghai | Number | Name | Initial Release | Execution spec category | | ------ | -------------- | ---------------- | ----------------------- | | 0x00 | STOP | | Control Flow | | 0x01 | ADD | | Arithmetic | | 0x02 | MUL | | Arithmetic | | 0x03 | SUB | | Arithmetic | | 0x04 | DIV | | Arithmetic | | 0x05 | SDIV | | Arithmetic | | 0x06 | MOD | | Arithmetic | | 0x07 | SMOD | | Arithmetic | | 0x08 | ADDMOD | | Arithmetic | | 0x09 | MULMOD | | Arithmetic | | 0x0A | EXP | | Arithmetic | | 0x0B | SIGNEXTEND | | Arithmetic | | 0x10 | LT | | Comparison | | 0x11 | GT | | Comparison | | 0x12 | SLT | | Comparison | | 0x13 | SGT | | Comparison | | 0x14 | EQ | | Comparison | | 0x15 | ISZERO | | Comparison | | 0x16 | AND | | Bitwise | | 0x17 | OR | | Bitwise | | 0x18 | XOR | | Bitwise | | 0x19 | NOT | | Bitwise | | 0x1A | BYTE | | Bitwise | | 0x1B | SHL | Constantinople | Bitwise | | 0x1C | SHR | Constantinople | Bitwise | | 0x1D | SAR | Constantinople | Bitwise | | 0x20 | KECCAK | | Keccak | | 0x30 | ADDRESS | | Environmental | | 0x31 | BALANCE | | Environmental | | 0x32 | ORIGIN | | Environmental | | 0x33 | CALLER | | Environmental | | 0x34 | CALLVALUE | | Environmental | | 0x35 | CALLDATALOAD | | Environmental | | 0x36 | CALLDATASIZE | | Environmental | | 0x37 | CALLDATACOPY | | Environmental | | 0x38 | CODESIZE | | Environmental | | 0x39 | CODECOPY | | Environmental | | 0x3A | GASPRICE | | Environmental | | 0x3B | EXTCODESIZE | | Environmental | | 0x3C | EXTCODECOPY | | Environmental | | 0x3D | RETURNDATASIZE | Byzantium | Environmental | | 0x3E | RETURNDATACOPY | Byzantium | Environmental | | 0x3F | EXTCODEHASH | Constantinople | Environmental | | 0x40 | BLOCKHASH | | Block | | 0x41 | COINBASE | | Block | | 0x42 | TIMESTAMP | | Block | | 0x43 | NUMBER | | Block | | 0x44 | DIFFICULTY | Frontier->London | Block | | 0x44 | PREVRANDAO | Paris | Block | | 0x45 | GASLIMIT | | Block | | 0x46 | CHAINID | Istanbul | Block | | 0x47 | SELFBALANCE | Istanbul | Block | | 0x48 | BASEFEE | London | Block | | 0x50 | POP | | Pop | | 0x51 | MLOAD | | Memory | | 0x52 | MSTORE | | Memory | | 0x53 | MSTORE8 | | Memory | | 0x54 | SLOAD | | Storage | | 0x55 | SSTORE | | Storage | | 0x56 | JUMP | | Control Flow | | 0x57 | JUMPI | | Control Flow | | 0x58 | PC | | Control Flow | | 0x59 | MSIZE | | Memory | | 0x5A | GAS | | Control Flow | | 0x5B | JUMPDEST | | Control Flow | | 0x5F | PUSH0 | Shanghai | Push | | 0x60 | PUSH1 | | Push | | 0x61 | PUSH2 | | Push | | 0x62 | PUSH3 | | Push | | 0x63 | PUSH4 | | Push | | 0x64 | PUSH5 | | Push | | 0x65 | PUSH6 | | Push | | 0x66 | PUSH7 | | Push | | 0x67 | PUSH8 | | Push | | 0x68 | PUSH9 | | Push | | 0x69 | PUSH10 | | Push | | 0x6A | PUSH11 | | Push | | 0x6B | PUSH12 | | Push | | 0x6C | PUSH13 | | Push | | 0x6D | PUSH14 | | Push | | 0x6E | PUSH15 | | Push | | 0x6F | PUSH16 | | Push | | 0x70 | PUSH17 | | Push | | 0x71 | PUSH18 | | Push | | 0x72 | PUSH19 | | Push | | 0x73 | PUSH20 | | Push | | 0x74 | PUSH21 | | Push | | 0x75 | PUSH22 | | Push | | 0x76 | PUSH23 | | Push | | 0x77 | PUSH24 | | Push | | 0x78 | PUSH25 | | Push | | 0x79 | PUSH26 | | Push | | 0x7A | PUSH27 | | Push | | 0x7B | PUSH28 | | Push | | 0x7C | PUSH29 | | Push | | 0x7D | PUSH30 | | Push | | 0x7E | PUSH31 | | Push | | 0x7F | PUSH32 | | Push | | 0x80 | DUP1 | | Dup | | 0x81 | DUP2 | | Dup | | 0x82 | DUP3 | | Dup | | 0x83 | DUP4 | | Dup | | 0x84 | DUP5 | | Dup | | 0x85 | DUP6 | | Dup | | 0x86 | DUP7 | | Dup | | 0x87 | DUP8 | | Dup | | 0x88 | DUP9 | | Dup | | 0x89 | DUP10 | | Dup | | 0x8A | DUP11 | | Dup | | 0x8B | DUP12 | | Dup | | 0x8C | DUP13 | | Dup | | 0x8D | DUP14 | | Dup | | 0x8E | DUP15 | | Dup | | 0x8F | DUP16 | | Dup | | 0x90 | SWAP1 | | Swap | | 0x91 | SWAP2 | | Swap | | 0x92 | SWAP3 | | Swap | | 0x93 | SWAP4 | | Swap | | 0x94 | SWAP5 | | Swap | | 0x95 | SWAP6 | | Swap | | 0x96 | SWAP7 | | Swap | | 0x97 | SWAP8 | | Swap | | 0x98 | SWAP9 | | Swap | | 0x99 | SWAP10 | | Swap | | 0x9A | SWAP11 | | Swap | | 0x9B | SWAP12 | | Swap | | 0x9C | SWAP13 | | Swap | | 0x9D | SWAP14 | | Swap | | 0x9E | SWAP15 | | Swap | | 0x9F | SWAP16 | | Swap | | 0xA0 | LOG0 | | Log | | 0xA1 | LOG1 | | Log | | 0xA2 | LOG2 | | Log | | 0xA3 | LOG3 | | Log | | 0xA4 | LOG4 | | Log | | 0xF0 | CREATE | | System | | 0xF1 | CALL | | System | | 0xF2 | CALLCODE | | System | | 0xF3 | RETURN | | System | | 0xF4 | DELEGATECALL | Homestad | System | | 0xF5 | CREATE2 | Constantinople | System | | 0xFA | STATICCALL | Byzantium | System | | 0xFD | REVERT | Byzantium | System | | 0xFE | INVALID/ABORT | (unofficial) | System | | 0xFF | SELFDESTRUCT | | System | ## All Proposed Opcodes All EIP propsoed opcodes that have not shipped. This includes all unshipped EIPs, even withdrawn and non-viable proposals. | EIP | Opcode | Name | Description | Immediate Arg | | ---------------------------------------------------------------------- | ------ | --------------------- | ---------------------------------------------------------------------------- | ------------- | | [101](https://eips.ethereum.org/EIPS/eip-101) | 0x5C | tx.gas | primordial account-abstraction support | | | [141](https://eips.ethereum.org/EIPS/eip-141) | 0xFE | INVALID <br />/ ABORT | Designated invalid opcode. <br />(Adopted in practice, Not formally adopted) | | | [615](https://eips.ethereum.org/EIPS/eip-615) | 0xB0 | JUMPTO | static jump | y | | [615](https://eips.ethereum.org/EIPS/eip-615) | 0xB1 | JUMPIF | static conditional jump | y | | [615](https://eips.ethereum.org/EIPS/eip-615) | 0xB2 | JUMPV | static jump table | y | | [615](https://eips.ethereum.org/EIPS/eip-615) | 0xB3 | JUMPSUB | static subroutine call | y | | [615](https://eips.ethereum.org/EIPS/eip-615) | 0xB4 | JUMPSUBV | static subroutine table call | y | | [615](https://eips.ethereum.org/EIPS/eip-615) | 0xB5 | BEGINSUB | marker opcode | y | | [615](https://eips.ethereum.org/EIPS/eip-615) | 0xB6 | BEGINDATA | marker opcode | | | [615](https://eips.ethereum.org/EIPS/eip-615) | 0xB7 | RETURNSUB | subroutine return | | | [615](https://eips.ethereum.org/EIPS/eip-615) | 0xB8 | PUTLOCAL | call local storage | y | | [615](https://eips.ethereum.org/EIPS/eip-615) | 0xB9 | GETLOCAL | call local storage | y | | [663](https://eips.ethereum.org/EIPS/eip-663) | 0xB5 | DUPN | Unlimited dup | y | | [663](https://eips.ethereum.org/EIPS/eip-663) | 0xB6 | SWAPN | Unlimited swap | y | | [698](https://eips.ethereum.org/EIPS/eip-698) | 0x46 | BLOCKREWARD | Get the blockreward for the current block | | | [1109](https://eips.ethereum.org/EIPS/eip-1109) | 0xFB | PRECOMPILEDCALL | call only precompiled addresses | | | [1153](https://eips.ethereum.org/EIPS/eip-1153) | 0xB3 | TLOAD | Transient data load | | | [1153](https://eips.ethereum.org/EIPS/eip-1153) | 0xB4 | TSTORE | Transient data store | | | [2315](https://eips.ethereum.org/EIPS/eip-2315) | 0x5E | RETURNSUB | Subroutine return | | | [2315](https://eips.ethereum.org/EIPS/eip-2315) | 0x5F | RJUMPSUB | Subroutine jump | | | [2327](https://eips.ethereum.org/EIPS/eip-2327) | 0xB6 | BEGINDATA | End of executable code marker | | | [2330](https://eips.ethereum.org/EIPS/eip-2330) | 0x5C | EXTSLOAD | Load external contract data | | | [2936](https://eips.ethereum.org/EIPS/eip-2936) | 0x5C | EXTCLEAR | Split sotrage clearing form SELFDESTRUCT | | | [2937](https://eips.ethereum.org/EIPS/eip-2937) | 0xA8 | SET_INDESTRUCTABLE | Prevents future SELFDESTRUCTs | | | [2938](https://eips.ethereum.org/EIPS/eip-2938) | 0x48 | NONCE | Get the nonce of the callee | | | [2938](https://eips.ethereum.org/EIPS/eip-2938) | 0x49 | PAYGAS | Pays gas for all futher operations | | | [2970](https://eips.ethereum.org/EIPS/eip-2970) | 0x4A | IS_STATIC | Is current frame static? | | | [2997](https://eips.ethereum.org/EIPS/eip-2997) | 0xF6 | IMPERAONATECALL | Call with sender calculated from salt and caller | | | [3074](https://eips.ethereum.org/EIPS/eip-3074) | 0xF6 | AUTH | Preperatory operation for AUTHCALL | | | [3074](https://eips.ethereum.org/EIPS/eip-3074) | 0xF7 | AUTHCALL | Call with calle set to external account | | | [3322](https://eips.ethereum.org/EIPS/eip-3322) | 0x49 | SELFGAS | Store gas refund to account | | | [3322](https://eips.ethereum.org/EIPS/eip-3322) | 0x49 | USEGAS | Increase execution gas from account stored gas | | | [3322](https://eips.ethereum.org/EIPS/eip-3322) | 0x49 | STOREGAS | Move gas to refund | | | [3332](https://eips.ethereum.org/EIPS/eip-3332) | 0x46 | MEDGASPRICE | Get median gas proce of prior block | | | [3337](https://eips.ethereum.org/EIPS/eip-3337) | 0x5C | SETFP | Sets a frame pointer to a memory location | | | [3337](https://eips.ethereum.org/EIPS/eip-3337) | 0x5D | GETFP | Gets the current frame pointer | | | [3337](https://eips.ethereum.org/EIPS/eip-3337) | 0x5E | MLOADFP | Reads memory at the frame pointer | | | [3337](https://eips.ethereum.org/EIPS/eip-3337) | 0x5F | MSTOREFP | Writes memory at the frame pointer | | | [3455](https://eips.ethereum.org/EIPS/eip-3455) | 0xF8 | SUDO | Unvalidated AUTHCALL (april fools joke) | | | [3508](https://eips.ethereum.org/EIPS/eip-3508) | 0x47 | ORIGINDATALOAD | Load transaction calldata | | | [3508](https://eips.ethereum.org/EIPS/eip-3508) | 0x48 | ORIGINDATASIZE | Size of transaction calldata | | | [3508](https://eips.ethereum.org/EIPS/eip-3508) | 0x49 | ORIGINDATACOPY | Bulk load transaction calldata | | | [3520](https://eips.ethereum.org/EIPS/eip-3520) | 0x4A | ENTRYPOINT | To address of transaction | | | [4200](https://eips.ethereum.org/EIPS/eip-4200) | 0x5C | RJUMP | relative jump | y | | [4200](https://eips.ethereum.org/EIPS/eip-4200) | 0x5D | RJUMI | relative conditional jump | y | | [4200](https://eips.ethereum.org/EIPS/eip-4200) | 0x5E | RJUMV | relative jump table | y | | [4520](https://eips.ethereum.org/EIPS/eip-4520) | 0xEB | - | Reserve for multi-byte opcodes | y | | [4520](https://eips.ethereum.org/EIPS/eip-4520) | 0xEC | - | Reserve for multi-byte opcodes | y | | [4750](https://eips.ethereum.org/EIPS/eip-4750) | 0xB0 | CALLF | EOF Subroutine Call | y | | [4750](https://eips.ethereum.org/EIPS/eip-4750) | 0xB1 | RETF | EOF Subroutine return | | | [4788](https://eips.ethereum.org/EIPS/eip-4788) | 0x4A | BEACON_ROOT | Exposes the Beacon Chain Root | | | [4844](https://eips.ethereum.org/EIPS/eip-4844) | 0x49 | BLOBHASH | Returns hashes of blobs in the transaction | | | [5000](https://eips.ethereum.org/EIPS/eip-5000) | 0x1E | MULDIV | combo multiply then divide trinary operation | | | [5003](https://eips.ethereum.org/EIPS/eip-5003) | 0xF8 | AUTHUSURP | Adds code into EOAs | | | [5478](https://eips.ethereum.org/EIPS/eip-5478) | 0xF6 | CREATE2COPY | Create 2 with no initcode and contract copying | | | [5656](https://eips.ethereum.org/EIPS/eip-5656) | 0xB7 | MCOPY | Memory copy | | | [5920](https://eips.ethereum.org/EIPS/eip-5920) | 0xF9 | PAY | transfers value from caller to target | | | [6206](https://eips.ethereum.org/EIPS/eip-6206) | 0xB2 | JUMPF | EOF Function Jump | y | | [6888](https://eips.ethereum.org/EIPS/eip-6888) | 0x5B | JUMPC | Jump if the most recent arithmetic op set the carry bit | | | [6888](https://eips.ethereum.org/EIPS/eip-6888) | 0x5C | JUMPO | Jump if the most recent arithmetic op set the overflow bit | | | [6913](https://eips.ethereum.org/EIPS/eip-6913) | 0x49 | SETCODE | Replace code of current contract | | | [mega EOF](https://notes.ethereum.org/@ipsilon/mega-eof-specification) | 0xF6 | CREATE3 | Create from EOF contained initcode | y | | [mega EOF](https://notes.ethereum.org/@ipsilon/mega-eof-specification) | 0xF7 | CREATE4 | Create from transaction contained initcode | | | [mega EOF](https://notes.ethereum.org/@ipsilon/mega-eof-specification) | 0xF8 | RETURNCONTRACT | contract to be created, references EOF data | y | | [mega EOF](https://notes.ethereum.org/@ipsilon/mega-eof-specification) | 0xB8 | DATALOAD | Loads data from EOF data section, via stack | | | [mega EOF](https://notes.ethereum.org/@ipsilon/mega-eof-specification) | 0xB9 | DATALOADN | Loads data from EOF data section, via immediate | y | | [mega EOF](https://notes.ethereum.org/@ipsilon/mega-eof-specification) | 0xBA | DATASIZE | Size of the EOF data section | | | [mega EOF](https://notes.ethereum.org/@ipsilon/mega-eof-specification) | 0xBB | DATACOPY | Bulk data section copy | y | | [mega EOF](https://notes.ethereum.org/@ipsilon/mega-eof-specification) | 0xF9 | CALL2 | CALL without gas and output memory | | | [mega EOF](https://notes.ethereum.org/@ipsilon/mega-eof-specification) | 0xFB | DELEGATECALL2 | DELEGATECALL without gas and output memory | | | [mega EOF](https://notes.ethereum.org/@ipsilon/mega-eof-specification) | 0xFC | STATICCALL2 | STATICCALL without gas and output memory | |
Last changed by  
Danno Ferrin

Read more

CREATEF - A CREATE3/CREATE4 alternative

CREATEF

9/20/2023
Ethereum Community Archives

Ethereum Community Archives is an organization that aggregates and propagates specifications and standards for the Ethereum Ecosystem from other processes and groups.

7/21/2023
Index Based EOF Container

Objective Reformulate the EOF container to provide efficient access without validation, to support features such as banning code introspection and non-validated execution. Specification container := header, managed_body, unmanaged_body header := magic, version, kind_container, container_end_index, kind_code, num_code_sections, code_index+, kind_data, data_index, terminator managed_body := types_section, code_section+, data_section types_section := (inputs, outputs, max_stack_height)+ The types kind is removed with a container kind, where the

1/5/2023
Hyperledger Besu Gas Leak (22.4.x)

Executive Summary Because of a flaw in handling unsigned data as signed data a properly coded smart contract can create a function call that will return more gas than was passed in. This excess gas can be used to create a loop that is in effect infinite. Networks containing only Besu validators will halt when this code is executed on-chain or considered for block inclusion. This bug was patched in Hyperledger Besu version 22.7.1 and exists in versions 22.4.0 to 22.7.0. CVE-2022-36025 Gas Call Bug The origins of the bug comes from a mis-handling of unsigned data as signed data. As part of supporting EIP-4803 Limit transaction gas to a maximum of 2^63-1 Besu migrated the internal types of Gas from a UInt256 object to a native long field, which is a signed value that can support the full range of transaction gas. In instances where the gas needed to represent a higher value Besu clamped the values to 2^63-1, aka Long.MAX_VALUE. Because all EVM executions will have the intrinsic gas costs deducted this clamped value will always exceed any observed gas value. The original code used a conversion that would take any 64 bit or less value and place it directly to a signed long. Any 65-256 bit sized number would result in an exception that would be trapped out and clamped to the max value. But any value of exactly 64 bits would become a negative signed long value.

9/21/2022
Read more from Danno Ferrin
Published on HackMD