Regarding some discussions that has been happening on EIp-1014, Skinny Create2.
I have now performed some benchmarks, and can confirm that the combination of uncapped size of initcode + lack of cost-per-byte is problematic in
CREATE2, and can lead to DoS attacks if not fixed. Therefore, I propose that we accept the change to EIp 1014 which uses the folowing phrasing:
Additionally, an extra
GSHA3WORD * ceil(len(init_code) / 32)gas is charged.
Furthermore the problem is also present today, with
CREATE, but that is due to internal implementation details in most (all?) clients. Short story: it can be fixed without changing
CREATE. Client implementors can PM me for details and testcases. I have already spoken to Parity members about this.
An alternative change could be to introduce a cap on initcode size. That would also 'fix' the problem in a less 'correct' manner. cc @/all