Opcode Rules

One way that ERC-7562 protects ERC-4337 bundlers is by restricting access to opcodes during the validation phase.

OP-011 Blocked Opcodes

ERC-7562 generally blocks access from opcodes that access information outside of storage and code.

The blocked opcodes are:

  • BALANCE (0x31)
  • ORIGIN (0x32)
  • GASPRICE (0x3A)
  • BLOCKHASH (0x40)
  • COINBASE (0x41)
  • TIMESTAMP (0x42)
  • NUMBER (0x43)
  • GASLIMIT (0x45)
  • SELFBALANCE (0x47)
  • BASEFEE (0x48)
  • GAS (0x5A)
  • CREATE (0xF0)
  • INVALID (0xFE)

OP-012 Gas Opcode

The GAS opcode is allowed, but only if followed immediately by *CALL instructions. This is a common way to pass all remaining gas to an external call, and it means that the actual value is consumed from the stack immediately and cannot be accessed by any other opcode.

OP-013 Unassigned Opcodes

Unassigned opcodes are banned.

OP-020 Revert when out of gas

Revert on "out of gas" is forbidden, as it can leak the gas limit or the current call stack depth.

OP-031 CREATE2 Restrictions

CREATE2 is allowed exactly once in the deployment phase and must deploy code for the sender address.

OP-041 Access to address without deployed code

Access to an address without a deployed code is forbidden for EXTCODE* and *CALL opcodes in the canonical ERC-4337 mempool.

OP-042 Exceptions to OP-041

Access to the sender address is allowed without deployed code, but this is possible only in factory code during the deployment phase.

OP-051 Allow EXTCODESIZE ISZERO to EntryPoint

The EXTCODESIZE ISZERO opcode may be called to the EntryPoint address. This pattern is used to check the destination has code before the depositTo function is called.

OP-052 Allow depositTo(sender)

The depositTo(sender) function in the EntryPoint may be called with any value either from the sender or factory.

OP-053 Allow Fallback Function

The fallback function may be called from the sender with any value.

OP-054 Forbidden EntryPoint access

Access to the EntryPoint is forbidden during validation except for:

  • Calls to EXTCODESIZE ISZERO per OP-051
  • Calls to depositTo(Sender) per OP-052
  • Calls to the sender's fallback function per OP-053

OP-061 CALL with value

Except for calls to the EntryPoint as specified in OP-051, OP-052, and OP-053, CALL opcodes with value is forbidden during validation.

OP-062 Precompile CALL

Precompiles are restricted to:

  • Only known accepted precompiles on the network that do not access anything in the blockchain state or environment
  • The core precompiles 0x1 ... 0x9
  • The RIP-7212 sec256r1 pre-compile

OP-070 Transient Storage

Transient Storage slots defined in EIP-1153 and accessed using TLOAD (0x5c) and TSTORE (0x5d) opcodes are treated exactly like persistent storage (SLOAD/SSTORE).