If any opcode ever costs more oil than it does in gas, then the child will be able to cause a reversion that propagates through the parent call frame.
This would break meta transactions.
I think this statement is a bit too sweeping. I’d like to pick apart meta-transactions a bit.
A Meta-tx has two parties:
- The party that produced the meta-tx, let’s call him the signer.
- The party that creates an Ethereum transaction, and pays the actual gas. Let’s call him the relayer.
In a meta-tx, the relayer executes the meta-tx, and during the course of execution, some reward is (typically) sent to the relayer. This typically happens in a trustless setting: relayer invokes a meta-tx scheduler which picks a metatx for execution, executes the metatx and afterwards pays a reward for the relayer in some asset.
As I see it, there are two main ways that meta-tx can be broken:
- The signer has his transaction executed in a way that makes it fail, but the relayer still gets the reward.
- The relayer spends money on a metatx, but is given no reward.
Now, let’s consider the two proposals (oil/karma vs @vbuterin’s counter proposal).
Counter-proposal
The counter-proposal introduces rules for how the tx sender (that is; the relayer) can modify gas-forwarding rules further down in the call stack. This means that actions performed by the relayer can modify the execution flow of the meta-tx.
In short: the possible breakage from Counter-Proposal means that meta-txs can be broken in way 1).
Oil/Karma
With oil/karma, it’s possible that the entire execution is reverted, costing money for relayer. Breakage of type 2).
Analysis
I’d argue that type-1 breakage is worse than type-2 breakage. A type-2 breakage introduces a level of risk, for the active participants of the meta-tx game. If you want to execute a meta-tx, you would now have to take into account the possibility that the execution may fail. If we see meta-txs as a market, it could be argued that these risks should be organically handled by an efficient market.
- Do ‘rotten’ meta-txs cause relaying to happen at a loss? Then relayers will stop relaying unless the reward is sufficiently high to offset the risk.
- A relayer can also (try to) analyse meta-transactions, and estimate which ones are likely to cause a loss. Different relayers may do this differently, but I don’t see that this would be impossible.
As for type-1 breakage, the signer submits his meta-tx. After that has happened, potential attackers have unlimited time to analyze if they can cause the transaction to fail. If the meta-tx is a regular occurrence (like alarm-clock), it might be possible to totally drain the underlying asset while not actually performing any useful work at all for the signer.
Lastly
Another objection to raising gas costs in general, is that the block gas limit can rise above where it’s possible to execute transactions. I see ‘balancing gas costs in accordance with resource expenditure’ as a difficult and important problem to solve. The problem with large transactions vs max gas seems to me to be a lot simpler problem, which can be solved in a number of ways:
- EIP-1559 is one way,
- We could have ‘superblocks’ e.g. every 10K blocks, which are substantially higher in max gas.