github.com/Consensys/quorum@v21.1.0+incompatible/core/vm/evm.go

// Copyright 2014 The go-ethereum Authors
// This file is part of the go-ethereum library.
//
// The go-ethereum library is free software: you can redistribute it and/or modify
// it under the terms of the GNU Lesser General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// The go-ethereum library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.

package vm

import (
	"fmt"
	"math/big"
	"sync/atomic"
	"time"

	"github.com/ethereum/go-ethereum/common"
	"github.com/ethereum/go-ethereum/core/state"
	"github.com/ethereum/go-ethereum/core/types"
	"github.com/ethereum/go-ethereum/crypto"
	"github.com/ethereum/go-ethereum/log"
	"github.com/ethereum/go-ethereum/multitenancy"
	"github.com/ethereum/go-ethereum/params"
	"github.com/ethereum/go-ethereum/trie"
)

// note: Quorum, States, and Value Transfer
//
// In Quorum there is a tricky issue in one specific case when there is call from private state to public state:
// * The state db is selected based on the callee (public)
// * With every call there is an associated value transfer -- in our case this is 0
// * Thus, there is an implicit transfer of 0 value from the caller to callee on the public state
// * However in our scenario the caller is private
// * Thus, the transfer creates a ghost of the private account on the public state with no value, code, or storage
//
// The solution is to skip this transfer of 0 value under Quorum

// emptyCodeHash is used by create to ensure deployment is disallowed to already
// deployed contract addresses (relevant after the account abstraction).
var emptyCodeHash = crypto.Keccak256Hash(nil)

type (
	// CanTransferFunc is the signature of a transfer guard function
	CanTransferFunc func(StateDB, common.Address, *big.Int) bool
	// TransferFunc is the signature of a transfer function
	TransferFunc func(StateDB, common.Address, common.Address, *big.Int)
	// GetHashFunc returns the n'th block hash in the blockchain
	// and is used by the BLOCKHASH EVM op code.
	GetHashFunc func(uint64) common.Hash
)

// run runs the given contract and takes care of running precompiles with a fallback to the byte code interpreter.
func run(evm *EVM, contract *Contract, input []byte, readOnly bool) ([]byte, error) {
	if contract.CodeAddr != nil {
		// Using CodeAddr is favour over contract.Address()
		// During DelegateCall() CodeAddr is the address of the delegated account
		address := *contract.CodeAddr
		// during simulation/eth_call, when contract code is empty, there's no execution hence the
		// multitenancy check will not happen in captureOperationMode().
		// This additional check to ensure we capture this case
		if evm.SupportsMultitenancy && evm.AuthorizeMessageCallFunc != nil && len(contract.Code) == 0 {
			return nil, multitenancy.ErrNotAuthorized
		}
		if err := evm.captureAffectedContract(address, ModeUnknown); err != nil {
			return nil, err
		}
		// When delegatecall, need to capture the operation mode in the context of contract.Address()
		// the affected contract is required read only mode
		if address != contract.Address() {
			evm.pushAddress(contract.Address())
		} else {
			evm.pushAddress(address)
		}
		defer evm.popAddress()
		precompiles := PrecompiledContractsHomestead
		if evm.chainRules.IsByzantium {
			precompiles = PrecompiledContractsByzantium
		}
		if evm.chainRules.IsIstanbul {
			precompiles = PrecompiledContractsIstanbul
		}
		if p := precompiles[address]; p != nil {
			return RunPrecompiledContract(p, input, contract)
		}
	}
	for _, interpreter := range evm.interpreters {
		if interpreter.CanRun(contract.Code) {
			if evm.interpreter != interpreter {
				// Ensure that the interpreter pointer is set back
				// to its current value upon return.
				defer func(i Interpreter) {
					evm.interpreter = i
				}(evm.interpreter)
				evm.interpreter = interpreter
			}
			return interpreter.Run(contract, input, readOnly)
		}
	}
	return nil, ErrNoCompatibleInterpreter
}

// Context provides the EVM with auxiliary information. Once provided
// it shouldn't be modified.
type Context struct {
	// CanTransfer returns whether the account contains
	// sufficient ether to transfer the value
	CanTransfer CanTransferFunc
	// Transfer transfers ether from one account to the other
	Transfer TransferFunc
	// GetHash returns the hash corresponding to n
	GetHash GetHashFunc

	// Message information
	Origin   common.Address // Provides information for ORIGIN
	GasPrice *big.Int       // Provides information for GASPRICE

	// Block information
	Coinbase    common.Address // Provides information for COINBASE
	GasLimit    uint64         // Provides information for GASLIMIT
	BlockNumber *big.Int       // Provides information for NUMBER
	Time        *big.Int       // Provides information for TIME
	Difficulty  *big.Int       // Provides information for DIFFICULTY

	// Quorum
	// EVM should consider multitenancy
	SupportsMultitenancy bool
	// AuthorizeCreateFunc performs tenancy authorization check for contract creation.
	// It's only injected during simulation
	AuthorizeCreateFunc multitenancy.AuthorizeCreateFunc
	// AuthorizeMessageCallFunc performs tenancy authorization check for message call to a contract.
	// It's only injected during simulation/eth_call
	AuthorizeMessageCallFunc multitenancy.AuthorizeMessageCallFunc
}

type PublicState StateDB
type PrivateState StateDB

// EVM is the Ethereum Virtual Machine base object and provides
// the necessary tools to run a contract on the given state with
// the provided context. It should be noted that any error
// generated through any of the calls should be considered a
// revert-state-and-consume-all-gas operation, no checks on
// specific errors should ever be performed. The interpreter makes
// sure that any errors generated are to be considered faulty code.
//
// The EVM should never be reused and is not thread safe.
type EVM struct {
	// Context provides auxiliary blockchain related information
	Context
	// StateDB gives access to the underlying state
	StateDB StateDB
	// Depth is the current call stack
	depth int

	// chainConfig contains information about the current chain
	chainConfig *params.ChainConfig
	// chain rules contains the chain rules for the current epoch
	chainRules params.Rules
	// virtual machine configuration options used to initialise the
	// evm.
	vmConfig Config
	// global (to this context) ethereum virtual machine
	// used throughout the execution of the tx.
	interpreters []Interpreter
	interpreter  Interpreter
	// abort is used to abort the EVM calling operations
	// NOTE: must be set atomically
	abort int32
	// callGasTemp holds the gas available for the current call. This is needed because the
	// available gas is calculated in gasCall* according to the 63/64 rule and later
	// applied in opCall*.
	callGasTemp uint64

	// Quorum additions:
	publicState       PublicState
	privateState      PrivateState
	states            [1027]*state.StateDB // TODO(joel) we should be able to get away with 1024 or maybe 1025
	currentStateDepth uint

	// This flag has different semantics from the `Interpreter:readOnly` flag (though they interact and could maybe
	// be simplified). This is set by Quorum when it's inside a Private State -> Public State read.
	quorumReadOnly bool
	readOnlyDepth  uint

	// these are for privacy enhancements and multitenancy
	affectedContracts map[common.Address]*AffectedType // affected contract account address -> type
	currentTx         *types.Transaction               // transaction currently being applied on this EVM
	addressStack      []common.Address                 // store contract addresses being executed
	// store last error during EVM execution lifecycle.
	// we use this to bubble up the error instead of "evm: execution revert" error.
	// use it with care as it's meant for runtime multitenancy check during simulation.
	lastError error
}

// AffectedType defines attributes indicating how a contract is affected
// as the result of the contract code execution in an EVM
type AffectedType struct {
	// reason captures how the contract is affected.
	// Default to MessageCall and set to Creation if the contract under execution is newly created.
	reason AffectedReason
	// mode captures how the state is operated as the result of contract code execution.
	// The value is cached as an expectation by performing trial of ModeRead and ModeWrite against access token for a contract before execution.
	// Runtime multitenancy check uses this value to verify if an opcode execution violates the expectation.
	// At the end of EVM lifecycle, this reflects the actual mode.
	mode AffectedMode
}

func (t AffectedType) String() string {
	return fmt.Sprintf("reason=%d,mode=%d", t.reason, t.mode)
}

// AffectedReason defines a type of operation that was applied to a contract.
type AffectedReason byte

const (
	_        AffectedReason = iota
	Creation AffectedReason = iota
	MessageCall
)

// AffectedMode defines a mode in which the state is operated as the result of contract code execution.
type AffectedMode byte

const (
	// ModeUnknown indicates an auxiliary mode used during initialization of an affected contract
	ModeUnknown AffectedMode = iota
	// ModeRead indicates that state has not been modified as the result of contract code execution
	ModeRead AffectedMode = iota
	// ModeWrite indicates that state has been modified as the result of contract code execution
	ModeWrite = ModeRead << 1
	// ModeUpdated indicates that the affected mode has been setup for multitenancy check.
	// This is mainly used during simulation and eth_call
	ModeUpdated = ModeRead << 7
)

func ModeOf(isWrite bool) AffectedMode {
	if isWrite {
		return ModeWrite
	}
	return ModeRead
}

func (mode AffectedMode) IsNotAuthorized(actualMode AffectedMode) bool {
	return mode.Has(ModeUpdated) && !mode.Has(actualMode)
}

func (mode AffectedMode) Update(authorizedRead bool, authorizedWrite bool) AffectedMode {
	newMode := mode | ModeUpdated
	if authorizedRead {
		newMode = newMode | ModeRead
	}
	if authorizedWrite {
		newMode = newMode | ModeWrite
	}
	return newMode
}

func (mode AffectedMode) Has(modes ...AffectedMode) bool {
	expectedMode := ModeUnknown
	for _, m := range modes {
		expectedMode = expectedMode | m
	}
	return mode&expectedMode == expectedMode
}

// NewEVM returns a new EVM. The returned EVM is not thread safe and should
// only ever be used *once*.
func NewEVM(ctx Context, statedb, privateState StateDB, chainConfig *params.ChainConfig, vmConfig Config) *EVM {
	evm := &EVM{
		Context:      ctx,
		StateDB:      statedb,
		vmConfig:     vmConfig,
		chainConfig:  chainConfig,
		chainRules:   chainConfig.Rules(ctx.BlockNumber),
		interpreters: make([]Interpreter, 0, 1),

		publicState:  statedb,
		privateState: privateState,

		affectedContracts: make(map[common.Address]*AffectedType),
		addressStack:      make([]common.Address, 0),
	}

	if chainConfig.IsEWASM(ctx.BlockNumber) {
		// to be implemented by EVM-C and Wagon PRs.
		// if vmConfig.EWASMInterpreter != "" {
		//  extIntOpts := strings.Split(vmConfig.EWASMInterpreter, ":")
		//  path := extIntOpts[0]
		//  options := []string{}
		//  if len(extIntOpts) > 1 {
		//    options = extIntOpts[1..]
		//  }
		//  evm.interpreters = append(evm.interpreters, NewEVMVCInterpreter(evm, vmConfig, options))
		// } else {
		// 	evm.interpreters = append(evm.interpreters, NewEWASMInterpreter(evm, vmConfig))
		// }
		panic("No supported ewasm interpreter yet.")
	}

	evm.Push(privateState)

	// vmConfig.EVMInterpreter will be used by EVM-C, it won't be checked here
	// as we always want to have the built-in EVM as the failover option.
	evm.interpreters = append(evm.interpreters, NewEVMInterpreter(evm, vmConfig))
	evm.interpreter = evm.interpreters[0]

	return evm
}

// Cancel cancels any running EVM operation. This may be called concurrently and
// it's safe to be called multiple times.
func (evm *EVM) Cancel() {
	atomic.StoreInt32(&evm.abort, 1)
}

// Cancelled returns true if Cancel has been called
func (evm *EVM) Cancelled() bool {
	return atomic.LoadInt32(&evm.abort) == 1
}

// Interpreter returns the current interpreter
func (evm *EVM) Interpreter() Interpreter {
	return evm.interpreter
}

// Call executes the contract associated with the addr with the given input as
// parameters. It also handles any necessary value transfer required and takes
// the necessary steps to create accounts and reverses the state in case of an
// execution error or failed value transfer.
func (evm *EVM) Call(caller ContractRef, addr common.Address, input []byte, gas uint64, value *big.Int) (ret []byte, leftOverGas uint64, err error) {
	if evm.vmConfig.NoRecursion && evm.depth > 0 {
		return nil, gas, nil
	}

	evm.Push(getDualState(evm, addr))
	defer func() { evm.Pop() }()

	// Fail if we're trying to execute above the call depth limit
	if evm.depth > int(params.CallCreateDepth) {
		return nil, gas, ErrDepth
	}
	// Fail if we're trying to transfer more than the available balance
	if !evm.Context.CanTransfer(evm.StateDB, caller.Address(), value) {
		return nil, gas, ErrInsufficientBalance
	}

	var (
		to       = AccountRef(addr)
		snapshot = evm.StateDB.Snapshot()
	)
	if !evm.StateDB.Exist(addr) {
		precompiles := PrecompiledContractsHomestead
		if evm.chainRules.IsByzantium {
			precompiles = PrecompiledContractsByzantium
		}
		if evm.chainRules.IsIstanbul {
			precompiles = PrecompiledContractsIstanbul
		}
		if precompiles[addr] == nil && evm.chainRules.IsEIP158 && value.Sign() == 0 {
			// Calling a non existing account, don't do anything, but ping the tracer
			if evm.vmConfig.Debug && evm.depth == 0 {
				evm.vmConfig.Tracer.CaptureStart(caller.Address(), addr, false, input, gas, value)
				evm.vmConfig.Tracer.CaptureEnd(ret, 0, 0, nil)
			}
			return nil, gas, nil
		}
		evm.StateDB.CreateAccount(addr)
	}
	if evm.ChainConfig().IsQuorum {
		// skip transfer if value /= 0 (see note: Quorum, States, and Value Transfer)
		if value.Sign() != 0 {
			if evm.quorumReadOnly {
				return nil, gas, ErrReadOnlyValueTransfer
			}
			evm.Transfer(evm.StateDB, caller.Address(), to.Address(), value)
		}
	} else {
		evm.Transfer(evm.StateDB, caller.Address(), to.Address(), value)
	}

	// Initialise a new contract and set the code that is to be used by the EVM.
	// The contract is a scoped environment for this execution context only.
	contract := NewContract(caller, to, value, gas)
	contract.SetCallCode(&addr, evm.StateDB.GetCodeHash(addr), evm.StateDB.GetCode(addr))

	// Even if the account has no code, we need to continue because it might be a precompile
	start := time.Now()

	// Capture the tracer start/end events in debug mode
	if evm.vmConfig.Debug && evm.depth == 0 {
		evm.vmConfig.Tracer.CaptureStart(caller.Address(), addr, false, input, gas, value)

		defer func() { // Lazy evaluation of the parameters
			evm.vmConfig.Tracer.CaptureEnd(ret, gas-contract.Gas, time.Since(start), err)
		}()
	}
	ret, err = run(evm, contract, input, false)

	// When an error was returned by the EVM or when setting the creation code
	// above we revert to the snapshot and consume any gas remaining. Additionally
	// when we're in homestead this also counts for code storage gas errors.
	if err != nil {
		evm.StateDB.RevertToSnapshot(snapshot)
		if err != errExecutionReverted {
			contract.UseGas(contract.Gas)
		}
	}
	return ret, contract.Gas, err
}

// CallCode executes the contract associated with the addr with the given input
// as parameters. It also handles any necessary value transfer required and takes
// the necessary steps to create accounts and reverses the state in case of an
// execution error or failed value transfer.
//
// CallCode differs from Call in the sense that it executes the given address'
// code with the caller as context.
func (evm *EVM) CallCode(caller ContractRef, addr common.Address, input []byte, gas uint64, value *big.Int) (ret []byte, leftOverGas uint64, err error) {
	if evm.vmConfig.NoRecursion && evm.depth > 0 {
		return nil, gas, nil
	}

	evm.Push(getDualState(evm, addr))
	defer func() { evm.Pop() }()

	// Fail if we're trying to execute above the call depth limit
	if evm.depth > int(params.CallCreateDepth) {
		return nil, gas, ErrDepth
	}
	// Fail if we're trying to transfer more than the available balance
	if !evm.CanTransfer(evm.StateDB, caller.Address(), value) {
		return nil, gas, ErrInsufficientBalance
	}

	var (
		snapshot = evm.StateDB.Snapshot()
		to       = AccountRef(caller.Address())
	)
	// Initialise a new contract and set the code that is to be used by the EVM.
	// The contract is a scoped environment for this execution context only.
	contract := NewContract(caller, to, value, gas)
	contract.SetCallCode(&addr, evm.StateDB.GetCodeHash(addr), evm.StateDB.GetCode(addr))

	ret, err = run(evm, contract, input, false)
	if err != nil {
		evm.StateDB.RevertToSnapshot(snapshot)
		if err != errExecutionReverted {
			contract.UseGas(contract.Gas)
		}
	}
	return ret, contract.Gas, err
}

// DelegateCall executes the contract associated with the addr with the given input
// as parameters. It reverses the state in case of an execution error.
//
// DelegateCall differs from CallCode in the sense that it executes the given address'
// code with the caller as context and the caller is set to the caller of the caller.
func (evm *EVM) DelegateCall(caller ContractRef, addr common.Address, input []byte, gas uint64) (ret []byte, leftOverGas uint64, err error) {
	if evm.vmConfig.NoRecursion && evm.depth > 0 {
		return nil, gas, nil
	}

	evm.Push(getDualState(evm, addr))
	defer func() { evm.Pop() }()

	// Fail if we're trying to execute above the call depth limit
	if evm.depth > int(params.CallCreateDepth) {
		return nil, gas, ErrDepth
	}

	var (
		snapshot = evm.StateDB.Snapshot()
		to       = AccountRef(caller.Address())
	)

	// Initialise a new contract and make initialise the delegate values
	contract := NewContract(caller, to, nil, gas).AsDelegate()
	contract.SetCallCode(&addr, evm.StateDB.GetCodeHash(addr), evm.StateDB.GetCode(addr))

	ret, err = run(evm, contract, input, false)
	if err != nil {
		evm.StateDB.RevertToSnapshot(snapshot)
		if err != errExecutionReverted {
			contract.UseGas(contract.Gas)
		}
	}
	return ret, contract.Gas, err
}

// StaticCall executes the contract associated with the addr with the given input
// as parameters while disallowing any modifications to the state during the call.
// Opcodes that attempt to perform such modifications will result in exceptions
// instead of performing the modifications.
func (evm *EVM) StaticCall(caller ContractRef, addr common.Address, input []byte, gas uint64) (ret []byte, leftOverGas uint64, err error) {
	if evm.vmConfig.NoRecursion && evm.depth > 0 {
		return nil, gas, nil
	}
	// Fail if we're trying to execute above the call depth limit
	if evm.depth > int(params.CallCreateDepth) {
		return nil, gas, ErrDepth
	}

	var (
		to       = AccountRef(addr)
		stateDb  = getDualState(evm, addr)
		snapshot = stateDb.Snapshot()
	)
	// Initialise a new contract and set the code that is to be used by the EVM.
	// The contract is a scoped environment for this execution context only.
	contract := NewContract(caller, to, new(big.Int), gas)
	contract.SetCallCode(&addr, stateDb.GetCodeHash(addr), stateDb.GetCode(addr))

	// We do an AddBalance of zero here, just in order to trigger a touch.
	// This doesn't matter on Mainnet, where all empties are gone at the time of Byzantium,
	// but is the correct thing to do and matters on other networks, in tests, and potential
	// future scenarios
	stateDb.AddBalance(addr, bigZero)

	// When an error was returned by the EVM or when setting the creation code
	// above we revert to the snapshot and consume any gas remaining. Additionally
	// when we're in Homestead this also counts for code storage gas errors.
	ret, err = run(evm, contract, input, true)
	if err != nil {
		stateDb.RevertToSnapshot(snapshot)
		if err != errExecutionReverted {
			contract.UseGas(contract.Gas)
		}
	}
	return ret, contract.Gas, err
}

type codeAndHash struct {
	code []byte
	hash common.Hash
}

func (c *codeAndHash) Hash() common.Hash {
	if c.hash == (common.Hash{}) {
		c.hash = crypto.Keccak256Hash(c.code)
	}
	return c.hash
}

// create creates a new contract using code as deployment code.
func (evm *EVM) create(caller ContractRef, codeAndHash *codeAndHash, gas uint64, value *big.Int, address common.Address) ([]byte, common.Address, uint64, error) {
	// Depth check execution. Fail if we're trying to execute above the
	// limit.
	if evm.depth > int(params.CallCreateDepth) {
		return nil, common.Address{}, gas, ErrDepth
	}
	if !evm.CanTransfer(evm.StateDB, caller.Address(), value) {
		return nil, common.Address{}, gas, ErrInsufficientBalance
	}

	// Quorum
	// Get the right state in case of a dual state environment. If a sender
	// is a transaction (depth == 0) use the public state to derive the address
	// and increment the nonce of the public state. If the sender is a contract
	// (depth > 0) use the private state to derive the nonce and increment the
	// nonce on the private state only.
	//
	// If the transaction went to a public contract the private and public state
	// are the same.
	var creatorStateDb StateDB
	if evm.depth > 0 {
		creatorStateDb = evm.privateState
	} else {
		creatorStateDb = evm.publicState
	}

	nonce := creatorStateDb.GetNonce(caller.Address())
	creatorStateDb.SetNonce(caller.Address(), nonce+1)

	// Ensure there's no existing contract already at the designated address
	contractHash := evm.StateDB.GetCodeHash(address)
	if evm.StateDB.GetNonce(address) != 0 || (contractHash != (common.Hash{}) && contractHash != emptyCodeHash) {
		return nil, common.Address{}, 0, ErrContractAddressCollision
	}
	// Create a new account on the state
	snapshot := evm.StateDB.Snapshot()
	if evm.SupportsMultitenancy && evm.AuthorizeCreateFunc != nil {
		if authorized := evm.AuthorizeCreateFunc(); !authorized {
			return nil, common.Address{}, gas, multitenancy.ErrNotAuthorized
		}
	}
	evm.StateDB.CreateAccount(address)
	evm.affectedContracts[address] = newAffectedType(Creation, ModeWrite|ModeRead)
	if evm.chainRules.IsEIP158 {
		evm.StateDB.SetNonce(address, 1)
	}
	if nil != evm.currentTx && evm.currentTx.IsPrivate() && evm.currentTx.PrivacyMetadata() != nil {
		// for calls (reading contract state) or finding the affected contracts there is no transaction
		if evm.currentTx.PrivacyMetadata().PrivacyFlag.IsNotStandardPrivate() {
			pm := state.NewStatePrivacyMetadata(common.BytesToEncryptedPayloadHash(evm.currentTx.Data()), evm.currentTx.PrivacyMetadata().PrivacyFlag)
			evm.StateDB.SetPrivacyMetadata(address, pm)
			log.Trace("Set Privacy Metadata", "key", address, "privacyMetadata", pm)
		}
	}
	if evm.ChainConfig().IsQuorum {
		// skip transfer if value /= 0 (see note: Quorum, States, and Value Transfer)
		if value.Sign() != 0 {
			if evm.quorumReadOnly {
				return nil, common.Address{}, gas, ErrReadOnlyValueTransfer
			}
			evm.Transfer(evm.StateDB, caller.Address(), address, value)
		}
	} else {
		evm.Transfer(evm.StateDB, caller.Address(), address, value)
	}

	// Initialise a new contract and set the code that is to be used by the EVM.
	// The contract is a scoped environment for this execution context only.
	contract := NewContract(caller, AccountRef(address), value, gas)
	contract.SetCodeOptionalHash(&address, codeAndHash)

	if evm.vmConfig.NoRecursion && evm.depth > 0 {
		return nil, address, gas, nil
	}

	if evm.vmConfig.Debug && evm.depth == 0 {
		evm.vmConfig.Tracer.CaptureStart(caller.Address(), address, true, codeAndHash.code, gas, value)
	}
	start := time.Now()

	ret, err := run(evm, contract, nil, false)

	maxCodeSize := evm.ChainConfig().GetMaxCodeSize(evm.BlockNumber)
	// check whether the max code size has been exceeded, check maxcode size from chain config
	maxCodeSizeExceeded := evm.chainRules.IsEIP158 && len(ret) > maxCodeSize
	// if the contract creation ran successfully and no errors were returned
	// calculate the gas required to store the code. If the code could not
	// be stored due to not enough gas set an error and let it be handled
	// by the error checking condition below.
	if err == nil && !maxCodeSizeExceeded {
		createDataGas := uint64(len(ret)) * params.CreateDataGas
		if contract.UseGas(createDataGas) {
			evm.StateDB.SetCode(address, ret)
		} else {
			err = ErrCodeStoreOutOfGas
		}
	}

	// When an error was returned by the EVM or when setting the creation code
	// above we revert to the snapshot and consume any gas remaining. Additionally
	// when we're in homestead this also counts for code storage gas errors.
	if maxCodeSizeExceeded || (err != nil && (evm.chainRules.IsHomestead || err != ErrCodeStoreOutOfGas)) {
		evm.StateDB.RevertToSnapshot(snapshot)
		if err != errExecutionReverted {
			contract.UseGas(contract.Gas)
		}
	}
	// Assign err if contract code size exceeds the max while the err is still empty.
	if maxCodeSizeExceeded && err == nil {
		err = errMaxCodeSizeExceeded
	}
	if evm.vmConfig.Debug && evm.depth == 0 {
		evm.vmConfig.Tracer.CaptureEnd(ret, gas-contract.Gas, time.Since(start), err)
	}
	return ret, address, contract.Gas, err

}

// Create creates a new contract using code as deployment code.
func (evm *EVM) Create(caller ContractRef, code []byte, gas uint64, value *big.Int) (ret []byte, contractAddr common.Address, leftOverGas uint64, err error) {
	// Quorum
	// Get the right state in case of a dual state environment. If a sender
	// is a transaction (depth == 0) use the public state to derive the address
	// and increment the nonce of the public state. If the sender is a contract
	// (depth > 0) use the private state to derive the nonce and increment the
	// nonce on the private state only.
	//
	// If the transaction went to a public contract the private and public state
	// are the same.
	var creatorStateDb StateDB
	if evm.depth > 0 {
		creatorStateDb = evm.privateState
	} else {
		creatorStateDb = evm.publicState
	}

	// Ensure there's no existing contract already at the designated address
	nonce := creatorStateDb.GetNonce(caller.Address())
	contractAddr = crypto.CreateAddress(caller.Address(), nonce)
	return evm.create(caller, &codeAndHash{code: code}, gas, value, contractAddr)
}

// Create2 creates a new contract using code as deployment code.
//
// The different between Create2 with Create is Create2 uses sha3(0xff ++ msg.sender ++ salt ++ sha3(init_code))[12:]
// instead of the usual sender-and-nonce-hash as the address where the contract is initialized at.
func (evm *EVM) Create2(caller ContractRef, code []byte, gas uint64, endowment *big.Int, salt *big.Int) (ret []byte, contractAddr common.Address, leftOverGas uint64, err error) {
	codeAndHash := &codeAndHash{code: code}
	contractAddr = crypto.CreateAddress2(caller.Address(), common.BigToHash(salt), codeAndHash.Hash().Bytes())
	return evm.create(caller, codeAndHash, gas, endowment, contractAddr)
}

// ChainConfig returns the environment's chain configuration
func (evm *EVM) ChainConfig() *params.ChainConfig { return evm.chainConfig }

// Quorum functions for dual state
func getDualState(evm *EVM, addr common.Address) StateDB {
	// priv: (a) -> (b)  (private)
	// pub:   a  -> [b]  (private -> public)
	// priv: (a) ->  b   (public)
	state := evm.StateDB

	if evm.PrivateState().Exist(addr) {
		state = evm.PrivateState()
		evm.captureAffectedContract(addr, ModeUnknown)
	} else if evm.PublicState().Exist(addr) {
		state = evm.PublicState()
	}

	return state
}

func (evm *EVM) PublicState() PublicState           { return evm.publicState }
func (evm *EVM) PrivateState() PrivateState         { return evm.privateState }
func (evm *EVM) SetCurrentTX(tx *types.Transaction) { evm.currentTx = tx }
func (evm *EVM) SetTxPrivacyMetadata(pm *types.PrivacyMetadata) {
	evm.currentTx.SetTxPrivacyMetadata(pm)
}
func (evm *EVM) Push(statedb StateDB) {
	// Quorum : the read only depth to be set up only once for the entire
	// op code execution. This will be set first time transition from
	// private state to public state happens
	// statedb will be the state of the contract being called.
	// if a private contract is calling a public contract make it readonly.
	if !evm.quorumReadOnly && evm.privateState != statedb {
		evm.quorumReadOnly = true
		evm.readOnlyDepth = evm.currentStateDepth
	}

	if castedStateDb, ok := statedb.(*state.StateDB); ok {
		evm.states[evm.currentStateDepth] = castedStateDb
		evm.currentStateDepth++
	}

	evm.StateDB = statedb
}
func (evm *EVM) Pop() {
	evm.currentStateDepth--
	if evm.quorumReadOnly && evm.currentStateDepth == evm.readOnlyDepth {
		evm.quorumReadOnly = false
	}
	evm.StateDB = evm.states[evm.currentStateDepth-1]
}

func (evm *EVM) Depth() int { return evm.depth }

// We only need to revert the current state because when we call from private
// public state it's read only, there wouldn't be anything to reset.
// (A)->(B)->C->(B): A failure in (B) wouldn't need to reset C, as C was flagged
// read only.
func (evm *EVM) RevertToSnapshot(snapshot int) {
	evm.StateDB.RevertToSnapshot(snapshot)
}

// Quorum
//
// Returns addresses of contracts which are message-called
func (evm *EVM) CalledContracts() []common.Address {
	addr := make([]common.Address, 0, len(evm.affectedContracts))
	for a, t := range evm.affectedContracts {
		if t.reason == MessageCall {
			addr = append(addr, a)
		}
	}
	return addr[:]
}

// Quorum
//
// Returns addresses of contracts which are newly created
func (evm *EVM) CreatedContracts() []common.Address {
	addr := make([]common.Address, 0, len(evm.affectedContracts))
	for a, t := range evm.affectedContracts {
		if t.reason == Creation {
			addr = append(addr, a)
		}
	}
	return addr[:]
}

// Quorum
//
// pushAddress stores the contract address being affected during EVM execution
func (evm *EVM) pushAddress(address common.Address) {
	evm.addressStack = append(evm.addressStack, address)
}

// Quorum
//
// popAddress retrieves the affected contract address from the stack
func (evm *EVM) popAddress() {
	l := len(evm.addressStack)
	if l == 0 {
		return
	}
	evm.addressStack = evm.addressStack[:l-1]
}

// Quorum
//
// peekAddress retrieves the affected contract address from the top of the stack
func (evm *EVM) peekAddress() common.Address {
	l := len(evm.addressStack)
	if l == 0 {
		return common.Address{}
	}
	return evm.addressStack[l-1]
}

// Quorum
//
// captureOperationMode stores the type of operation being applied on the current
// affected contract whose address is on top of the stack.
// For multitenancy, it checks if the mode is allowed. Also it bubbles up the last error
// captured. This helps to avoid "evm: execution revert" generic error
func (evm *EVM) captureOperationMode(isWriteOperation bool) error {
	currentAddress := evm.peekAddress()
	if (currentAddress == common.Address{}) {
		return evm.lastError
	}
	actualMode := ModeOf(isWriteOperation)
	if t, ok := evm.affectedContracts[currentAddress]; ok {
		// perform multitenancy check
		if evm.enforceMultitenancyCheck() {
			if t.mode.IsNotAuthorized(actualMode) {
				log.Trace("Multitenancy check for captureOperationMode()", "address", currentAddress.Hex(), "actual", actualMode, "expect", t.mode)
				evm.lastError = multitenancy.ErrNotAuthorized
			}
			// bubble up the last error
			if evm.lastError != nil {
				return evm.lastError
			}
		}
		t.mode = t.mode | actualMode
	}
	return nil
}

// Quorum
//
// captureAffectedContract stores the contract address to the affectedContract list if not yet there.
// The affected mode is also updated if required.
// Default affected reason is MessageCall.
// In simulation/eth_call for multitenancy, it sets the expectation of AffectedMode
// to be verified later when an opcode is executed.
func (evm *EVM) captureAffectedContract(address common.Address, mode AffectedMode) error {
	affectedType, found := evm.affectedContracts[address]
	if !found {
		affectedType = newAffectedType(MessageCall, mode)
		evm.affectedContracts[address] = affectedType
	}
	if affectedType.mode != ModeUnknown {
		return nil
	}
	if evm.SupportsMultitenancy && evm.AuthorizeMessageCallFunc != nil {
		authorizedRead, authorizedWrite, err := evm.AuthorizeMessageCallFunc(address)
		if err != nil {
			return err
		}
		// if we don't authorize either read/write, it's unauthorized access
		// and we need to inform EVM
		if !authorizedRead && !authorizedWrite {
			evm.lastError = multitenancy.ErrNotAuthorized
			log.Debug("Affected contract not authorized", "address", address.Hex(), "read", authorizedRead, "write", authorizedWrite)
			return multitenancy.ErrNotAuthorized
		}
		oldMode := affectedType.mode
		affectedType.mode = affectedType.mode.Update(authorizedRead, authorizedWrite)
		log.Debug("AffectedMode changed", "address", address.Hex(), "old", oldMode, "new", affectedType.mode)
	}
	return nil
}

// enforceMultitenancyCheck returns true if EVM is enforced to do multitenancy check
// during simulation/eth_call, false otherwise
func (evm *EVM) enforceMultitenancyCheck() bool {
	return evm.AuthorizeCreateFunc != nil || evm.AuthorizeMessageCallFunc != nil
}

// Quorum
//
// AffecteMode returns the type of operation (read/write) which was applied on the given
// contract address. It returns ModeUnknown if the contract is not affected during
// the lifecycle of this EVM instance
func (evm *EVM) AffectedMode(a common.Address) (AffectedMode, error) {
	if t, ok := evm.affectedContracts[a]; ok {
		return t.mode, nil
	}
	return ModeUnknown, fmt.Errorf("address not found")
}

func newAffectedType(r AffectedReason, m AffectedMode) *AffectedType {
	return &AffectedType{
		reason: r,
		mode:   m,
	}
}

// Quorum
//
// AffectedContracts returns all affected contracts that are the results of
// MessageCall transaction
func (evm *EVM) AffectedContracts() []common.Address {
	addr := make([]common.Address, 0, len(evm.affectedContracts))
	for a, t := range evm.affectedContracts {
		if t.reason == MessageCall {
			addr = append(addr, a)
		}
	}
	return addr[:]
}

// Return MerkleRoot of all affected contracts (due to both creation and message call)
func (evm *EVM) CalculateMerkleRoot() (common.Hash, error) {
	combined := new(trie.Trie)
	for addr := range evm.affectedContracts {
		data, err := getDualState(evm, addr).GetRLPEncodedStateObject(addr)
		if err != nil {
			return common.Hash{}, err
		}
		if err := combined.TryUpdate(addr.Bytes(), data); err != nil {
			return common.Hash{}, err
		}
	}
	return combined.Hash(), nil
}