zkevm-rom 0.0.1-security → 6.0.1

package/main/opcodes/calldata-returndata-code.zkasm

@@ -0,0 +1,619 @@
+
+/**
+ * @link [https://www.evm.codes/#35?fork=berlin]
+ * @zk-counters
+ *  - 1 binary
+ *  - 100 steps
+ * @process-opcode
+ *  - stack input: [offset]
+ *  - stack output: [data(offset)]
+ */
+ opCALLDATALOAD:
+    ; checks zk-counters
+    %MAX_CNT_STEPS - STEP - 100 :JMPN(outOfCountersStep)
+    %MAX_CNT_BINARY - CNT_BINARY - 1 :JMPN(outOfCountersBinary)
+
+    ; check stack underflow
+    SP - 1 => SP    :JMPN(stackUnderflow)
+    ; check out-of-gas
+    GAS - %GAS_FASTEST_STEP => GAS    :JMPN(outOfGas)
+    ; return 0 for contract creation
+    $               :MLOAD(isCreateContract), JMPNZ(CALLDATALOADreturn0)
+    $ => A          :MLOAD(SP); [offset => A]
+    $ => B          :MLOAD(txCalldataLen)
+    ; if offset is not lower than calldata length, return 0.
+    ; This check is also done at `readFromCalldataOffset` but we do it here with a binary to be sure offset is lower than 32 bits
+    $               :LT,JMPNC(CALLDATALOADreturn0)
+    32              :MSTORE(readXFromCalldataLength)
+    A               :MSTORE(readXFromCalldataOffset), CALL(readFromCalldataOffset); in: [readXFromCalldataOffset: offset value, readXFromCalldataLength: length value], out: [readXFromCalldataOffset: result value]
+    $ => A          :MLOAD(readXFromCalldataResult)
+    A               :MSTORE(SP++), JMP(readCode); [data(offset) => SP]
+
+CALLDATALOADreturn0:
+    0               :MSTORE(SP++), JMP(readCode); [0 => SP]
+
+/**
+ * @link [https://www.evm.codes/#36?fork=berlin]
+ * @zk-counters
+ *  - 100 steps
+ * @process-opcode
+ *  - stack input: []
+ *  - stack output: [size]
+ */
+opCALLDATASIZE:
+    ; checks zk-counters
+    %MAX_CNT_STEPS - STEP - 100 :JMPN(outOfCountersStep)
+    ; check out-of-gas
+    GAS-%GAS_QUICK_STEP => GAS    :JMPN(outOfGas)
+    ; return 0 for contract creation
+    $               :MLOAD(isCreateContract), JMPNZ(opCALLDATASIZEdep)
+    $ => B          :MLOAD(txCalldataLen)
+    B               :MSTORE(SP++); [size => SP]
+    ; check stack overflow
+    %MAX_STACK_SIZE - SP       :JMPN(stackOverflow, readCode)
+
+opCALLDATASIZEdep:
+    0               :MSTORE(SP++); [0 => SP]
+    ; check stack overflow
+    %MAX_STACK_SIZE - SP       :JMPN(stackOverflow, readCode)
+
+VAR GLOBAL auxDestOffset
+VAR GLOBAL calldataCopyOffset ; current calldatacopy offset
+VAR GLOBAL auxOffset ; original calldatacopy offset
+VAR GLOBAL numLastBytes
+/**
+ * @link [https://www.evm.codes/#37?fork=berlin]
+ * @zk-counters
+ *  - 100 steps
+ *  - 2 binary
+ * @process-opcode
+ *  - stack input: [destOffset, offset, size]
+ *  - stack output: []
+ */
+opCALLDATACOPY:
+    ; checks zk-counters
+    %MAX_CNT_STEPS - STEP - 100 :JMPN(outOfCountersStep)
+    %MAX_CNT_BINARY - CNT_BINARY - 2 :JMPN(outOfCountersBinary)
+    ; check stack underflow
+    SP - 3 => SP    :JMPN(stackUnderflow)
+    $ => E          :MLOAD(SP+2); [destOffset => E]
+    $ => B          :MLOAD(SP+1); [offset => B]
+    B               :MSTORE(auxOffset)
+    B               :MSTORE(calldataCopyOffset)
+    $ => C          :MLOAD(SP); [size => C]
+    C               :MSTORE(numLastBytes)
+    ; store lastMemOffset for memory expansion gas cost
+    E               :MSTORE(lastMemOffset)
+    ; store lastMemLength for memory expansion gas cost
+    C               :MSTORE(lastMemLength), CALL(saveMem); in: [lastMemOffset, lastMemLength]
+    ; check out-of-gas
+    GAS - %GAS_FASTEST_STEP => GAS  :JMPN(outOfGas)
+    ;${3*((C+31)/32)}
+    ;(C+31)/32 => A
+    C+31 => A
+                        :CALL(offsetUtil); in: [A: offset] out: [E: offset/32, C: offset%32]
+    GAS - 3*E => GAS    :JMPN(outOfGas)
+    ; Recover destOffset at E
+    $ => E          :MLOAD(lastMemOffset)
+    ; Recover size at C
+    $ => C          :MLOAD(lastMemLength)
+    ; If is a calldataCopy called from codeCopy, copy code from calldata allocation, else if is a create contract, return 0
+    $               :MLOAD(isCalldataCopyFromCodeCopy), JMPNZ(continueOpCalldatacopyFromCodeCopy)
+    $               :MLOAD(isCreateContract), JMPNZ(opCALLDATACOPY0, continueOpCalldatacopy)
+    continueOpCalldatacopyFromCodeCopy:
+    0               :MSTORE(isCalldataCopyFromCodeCopy)
+    continueOpCalldatacopy:
+    B => A
+    $ => B          :MLOAD(txCalldataLen); less than 2**32 bytes (calldata). Enforced by memory expansion gas cost & smart contract batchL2DataHash
+    ; if offset is not lower than calldata length, return 0
+    ; This check is also done at `readFromCalldataOffset` but we do it here with a binary to be sure offset is lower than 32 bits
+    $               :LT,JMPNC(opCALLDATACOPY0)
+    B => A
+    $ => B          :MLOAD(auxOffset)
+    B + C => B
+    32              :MSTORE(readXFromCalldataLength)
+    ; if txCalldataLen < (offset + size) --> opCALLDATACOPYX0
+    $               :LT,JMPC(opCALLDATACOPYX0)
+    $ => B          :MLOAD(auxOffset),JMP(opCALLDATACOPYloop)
+
+opCALLDATACOPYX0:
+    $ => C          :MLOAD(txCalldataLen)
+    $ => B          :MLOAD(auxOffset)
+    C - B => C      :MSTORE(numLastBytes)
+
+opCALLDATACOPYloop:
+    ; checks zk-counters
+    %MAX_CNT_STEPS - STEP - 300 :JMPN(outOfCountersStep)
+    ; finish loop
+    C               :JMPZ(opCALLDATACOPYcheckLen)
+    ; copy last bytes
+    C - 32          :JMPN(opCALLDATACOPYfinal)
+    B + 32          :MSTORE(calldataCopyOffset)
+    B               :MSTORE(readXFromCalldataOffset), CALL(readFromCalldataOffset); in: [readXFromCalldataOffset: offset value, readXFromCalldataLength: length value], out: [readXFromCalldataResult: result value]
+    $ => A          :MLOAD(readXFromCalldataResult)
+    A               :MSTORE(bytesToStore)
+    $ => A          :MLOAD(lastMemOffset)
+    ; checks zk-counters
+    %MAX_CNT_MEM_ALIGN - CNT_MEM_ALIGN  - 1     :JMPN(outOfCountersMemalign)
+    ; Store 32 bytes from calldata to memory
+                    :CALL(offsetUtil); in: [A: offset] out: [E: offset/32, C: offset%32]
+    E               :MSTORE(auxDestOffset)
+    $ => A          :MLOAD(MEM:E)
+    $ => B          :MLOAD(MEM:E+1)
+    ${memAlignWR_W0(A,mem.bytesToStore,C)} => D                    ; no trust calculate W0
+    ${memAlignWR_W1(B,mem.bytesToStore,C)} => E                    ; no trust calculate W1
+    $               :MEM_ALIGN_WR,MLOAD(bytesToStore)
+    E => A
+    $ => E          :MLOAD(auxDestOffset)
+    D               :MSTORE(MEM:E)          ; write W0
+    A               :MSTORE(MEM:E+1)        ; write W1
+    ; recover stack pointer
+    $ => C          :MLOAD(numLastBytes)
+    C - 32 => C     :MSTORE(numLastBytes)
+    $ => E          :MLOAD(lastMemOffset)
+    E + 32 => E     :MSTORE(lastMemOffset)
+    $ => B          :MLOAD(calldataCopyOffset), JMP(opCALLDATACOPYloop)
+
+opCALLDATACOPYfinal:
+    ; copy last bytes
+    C               :MSTORE(readXFromCalldataLength)
+    $ => D          :MLOAD(calldataCopyOffset)
+    D               :MSTORE(readXFromCalldataOffset), CALL(readFromCalldataOffset); in: [readXFromCalldataOffset: offset value, readXFromCalldataLength: length value], out: [readXFromCalldataResult: result value]
+    $ => A          :MLOAD(readXFromCalldataResult)
+
+    ; set bytesToStore with value to use in MSTORE
+    A               :MSTORE(bytesToStore), CALL(MSTOREX); in: [bytesToStore, E: offset, C: length] out: [E: new offset]
+                    :JMP(opCALLDATACOPYcheckLen)
+
+opCALLDATACOPY0:
+    C               :JMPZ(opCALLDATACOPYend)
+    32 - C          :JMPN(opCALLDATACOPY320)
+    ; set bytesToStore with value to use in MSTORE
+    0               :MSTORE(bytesToStore), CALL(MSTOREX); in: [bytesToStore, E: offset, C: length] out: [E: new offset]
+                    :JMP(opCALLDATACOPYend)
+
+opCALLDATACOPY320:
+    ; set bytesToStore with value to use in MSTORE
+    0               :MSTORE(bytesToStore), CALL(MSTORE32); in: [bytesToStore, E: offset] out: [E: new offset]
+    C - 32 => C     :JMP(opCALLDATACOPY0)
+
+opCALLDATACOPYcheckLen:
+    ; fill missing values with 0 (size > calldata)
+    $ => C          :MLOAD(lastMemLength)
+    $ => A          :MLOAD(txCalldataLen)
+    $ => B          :MLOAD(auxOffset)
+    C - A + B => C  :JMPN(opCALLDATACOPYend, opCALLDATACOPY0)
+
+
+opCALLDATACOPYend:
+                    :JMP(readCode)
+
+/**
+ * @link [https://www.evm.codes/#38?fork=berlin]
+ * @zk-counters
+ *  - %MAX_CNT_POSEIDON_SLOAD_SSTORE poseidon
+ *  - 30 steps
+ * @process-opcode
+ *  - stack input: []
+ *  - stack output: [size]
+ */
+opCODESIZE:
+    ; checks zk-counters
+    %MAX_CNT_POSEIDON_G - CNT_POSEIDON_G - %MAX_CNT_POSEIDON_SLOAD_SSTORE :JMPN(outOfCountersPoseidon)
+    %MAX_CNT_STEPS - STEP - 30 :JMPN(outOfCountersStep)
+    ; check out-of-gas
+    GAS-%GAS_QUICK_STEP => GAS    :JMPN(outOfGas)
+    ; if is create, get size from calldata
+    $ => A          :MLOAD(isCreateContract), JMPNZ(opCODESIZEdep)
+    ; else, from storage
+    $ => A          :MLOAD(txDestAddr)
+    ; set key for smt bytecode length query
+    %SMT_KEY_SC_LENGTH => B
+    0 => C
+    $ => A          :SLOAD
+    A               :MSTORE(SP++); [size => SP]
+    ; check stack overflow
+    %MAX_STACK_SIZE - SP       :JMPN(stackOverflow, readCode)
+
+opCODESIZEdep:
+    $ => B          :MLOAD(txCalldataLen)
+    B               :MSTORE(SP++); [size => SP]
+    ; check stack overflow
+    %MAX_STACK_SIZE - SP       :JMPN(stackOverflow, readCode)
+
+VAR GLOBAL memOffset
+VAR GLOBAL remainingBytes
+VAR GLOBAL previousValue
+VAR GLOBAL codecopyHashId
+VAR GLOBAL codecopyBytecodeLength
+VAR GLOBAL memInteger
+; Flag to check if the calldataCopy function is being called from the codecopy function
+VAR CTX isCalldataCopyFromCodeCopy
+/**
+ * @link [https://www.evm.codes/#39?fork=berlin]
+ * @zk-counters
+ *  - dynamic binary: 2 * size
+ *  - dynamic mem align: 2 * size
+ *  - dynamic poseidon: %MAX_CNT_POSEIDON_SLOAD_SSTORE * 2 * size
+ *  - dynamic steps: 100 * size
+ * @process-opcode
+ *  - stack input: [destOffset, offset, size]
+ *  - stack output: []
+ */
+opCODECOPY:
+    ;Check counters
+    %MAX_CNT_STEPS - STEP - 100 :JMPN(outOfCountersStep)
+    ; if is a create, copy from calldata
+    $ => A          :MLOAD(isCreateContract), JMPZ(continueOpCODECOPY)
+    1               :MSTORE(isCalldataCopyFromCodeCopy), JMP(opCALLDATACOPY)
+continueOpCODECOPY:
+    ; check stack underflow
+    SP - 3 => SP          :JMPN(stackUnderflow)
+    $ => C          :MLOAD(SP+2); [destOffset => C]
+    $ => D          :MLOAD(SP+1); [offset => D]
+    $ => E          :MLOAD(SP); [size => E]
+    ; store lastMemOffset for memory expansion gas cost
+    C               :MSTORE(lastMemOffset)
+    ; store lastMemLength for memory expansion gas cost
+    ; compute memory expansion gas cost
+    E               :MSTORE(lastMemLength), CALL(saveMem); in: [lastMemOffset, lastMemLength]
+    ; check out-of-gas
+    GAS - %GAS_FASTEST_STEP => GAS  :JMPN(outOfGas)
+    ;${3*((E+31)/32)}
+    E+31 => A
+    ;(E+31)/32
+    A               :MSTORE(arithA)
+    32              :MSTORE(arithB), CALL(divARITH); in: [arithA, arithB] out: [arithRes1: arithA/arithB, arithRes2: arithA%arithB]
+    $ => A          :MLOAD(arithRes1)
+    ; Mul operation with Arith
+    ; 3*((E+31)/32)
+    3               :MSTORE(arithA)
+    A               :MSTORE(arithB), CALL(mulARITH); in: [arithA, arithB] out: [arithRes1: arithA*arithB]
+    $ => A          :MLOAD(arithRes1)
+
+    GAS - A => GAS  :JMPN(outOfGas)
+
+
+    ; if offset is above data len, length => offset
+    D => A
+    $ => B          :MLOAD(bytecodeLength)
+    $               :LT, JMPC(opCODECOPY2)
+    B => A
+
+opCODECOPY2:
+    ; init vars for copy the code
+    A => HASHPOS
+    $ => D          :MLOAD(contractHashId)
+    ; set hashId to get bytes from
+    D               :MSTORE(codecopyHashId)
+    ; set contract bytecode length
+    B               :MSTORE(codecopyBytecodeLength)
+    C               :MSTORE(memOffset)
+    E               :MSTORE(remainingBytes)
+
+opCODECOPYloopInit:
+    ; checks zk-counters
+    %MAX_CNT_MEM_ALIGN - CNT_MEM_ALIGN  - E     :JMPN(outOfCountersMemalign)
+
+opCODECOPYloop:
+    %MAX_CNT_STEPS - STEP - 100                 :JMPN(outOfCountersStep)
+    %MAX_CNT_BINARY - CNT_BINARY - 2            :JMPN(outOfCountersBinary)
+
+    $ => B          :MLOAD(remainingBytes), JMPZ(readCode)
+    $ => A          :MLOAD(memOffset), CALL(offsetUtil); in: [A: offset] out: [E: offset/32, C: offset%32]
+    E               :MSTORE(memInteger)
+    ; read M0 previous value
+    $ => A          :MLOAD(MEM:E)
+    A               :MSTORE(previousValue), CALL(opCODECOPYLoadBytes); in:[codecopyBytecodeLength, codecopyHashId] out: [B: readByte]
+    $ => A          :MLOAD(previousValue)
+    ${memAlignWR8_W0(A,B,C)} => D  ; no trust calculate W0
+    B               :MEM_ALIGN_WR8 ; only use LSB of B, rest of bytes could be non zero
+    $ => E          :MLOAD(memInteger)
+    D               :MSTORE(MEM:E) ; write W0
+    ; update vars loop
+    $ => B          :MLOAD(remainingBytes)
+    B - 1 => B  ; decrease 1 byte from length
+    B               :MSTORE(remainingBytes)
+    $ => A          :MLOAD(memOffset)
+    A + 1 => A  ; increment offset to write the next byte
+    A               :MSTORE(memOffset), JMP(opCODECOPYloop)
+
+
+; @info Load 0 if read bytecode position is above bytecode length
+opCODECOPYLoadBytes:
+    0 => A
+    $ => B          :MLOAD(codecopyBytecodeLength)
+    $               :EQ, JMPC(readZero)
+    HASHPOS => A
+    $               :LT, JMPC(readValueBytecode)
+readZero:
+    0 => B          :RETURN
+readValueBytecode:
+    $ => E          :MLOAD(codecopyHashId)
+    ; read value to write in memory
+    $ => B          :HASHP1(E), RETURN
+
+/**
+ * @link [https://www.evm.codes/#3B?fork=berlin]
+ * @zk-counters
+ *  - 100 steps
+ *  - %MAX_CNT_POSEIDON_SLOAD_SSTORE poseidon
+ * @process-opcode
+ *  - stack input: [address]
+ *  - stack output: [size]
+ */
+opEXTCODESIZE:
+    ; checks zk-counters
+    %MAX_CNT_STEPS - STEP - 100 :JMPN(outOfCountersStep)
+    %MAX_CNT_POSEIDON_G - CNT_POSEIDON_G - %MAX_CNT_POSEIDON_SLOAD_SSTORE :JMPN(outOfCountersPoseidon)
+    ; check stack underflow
+    SP - 1 => SP    :JMPN(stackUnderflow)
+    $ => A          :MLOAD(SP), CALL(maskAddress); [address => A]; in: [A: address] out: [A: masked address]
+                    :CALL(isColdAddress); in: [A: address] out: [D: 0 if warm, 1 if cold]
+    ; check out-of-gas
+    GAS - %WARM_STORAGE_READ_GAS - D * %COLD_ACCOUNT_ACCESS_COST_REDUCED => GAS    :JMPN(outOfGas)
+    ; set key for smt smart contract length query
+    %SMT_KEY_SC_LENGTH => B
+    0 => C
+    $ => A          :SLOAD
+    A               :MSTORE(SP++), JMP(readCode); [size => SP]
+
+; read hash smt
+; put 32 by 32 bytes in the hashP
+; assert bytes with hash smt
+
+; read byte from hashP and copy into memory
+; over length => set 0's
+VAR GLOBAL tmpContractHashId
+VAR GLOBAL tmpContractLength
+/**
+ * @link [https://www.evm.codes/#51?fork=berlin]
+ * @zk-counters
+ *  - dynamic: 100
+ *  - dynamic poseidon: %MAX_CNT_POSEIDON_SLOAD_SSTORE + f(size)
+ * @process-opcode
+ *  - stack input: [address, destOffset, offset, size]
+ *  - stack output: []
+ */
+opEXTCODECOPY:
+    ; checks zk-counters
+    %MAX_CNT_STEPS - STEP - 300         :JMPN(outOfCountersStep)
+    %MAX_CNT_BINARY - CNT_BINARY - 1    :JMPN(outOfCountersBinary)
+
+    ; check stack underflow
+    SP - 4 => SP    :JMPN(stackUnderflow)
+    $ => A          :MLOAD(SP+3), CALL(maskAddress); [address => A]; in: [A: address] out: [A: masked address]
+                    :CALL(isColdAddress); in: [A: address] out: [D: 0 if warm, 1 if cold]
+
+    ; check out-of-gas
+    GAS - %WARM_STORAGE_READ_GAS - D * %COLD_ACCOUNT_ACCESS_COST_REDUCED => GAS            :JMPN(outOfGas)
+                    :CALL(opEXTCODECOPYLoadBytecode)
+    $ => C          :MLOAD(SP+2); [destOffset => C]
+    $ => D          :MLOAD(SP+1); [offset => D]
+    $ => E          :MLOAD(SP); [size => E]
+
+    ; store lastMemOffset for memory expansion gas cost
+    C               :MSTORE(lastMemOffset)
+
+    ; store lastMemLength for memory expansion gas cost
+    ; compute memory expansion gas cost
+    E               :MSTORE(lastMemLength), CALL(saveMem); in: [lastMemOffset, lastMemLength]
+
+    ; check out-of-gas
+    ;${3*((E+31)/32)}
+    E+31 => A
+    ;(E+31)/32
+    A               :MSTORE(arithA)
+    32              :MSTORE(arithB)
+                    :CALL(divARITH); in: [arithA, arithB] out: [arithRes1: arithA/arithB, arithRes2: arithA%arithB]
+    $ => A          :MLOAD(arithRes1)
+    ; Mul operation with Arith
+    ; 3*((E+31)/32)
+    3               :MSTORE(arithA)
+    A               :MSTORE(arithB), CALL(mulARITH); in: [arithA, arithB] out: [arithRes1: arithA*arithB]
+    $ => A          :MLOAD(arithRes1)
+    ; check out-of-gas
+    GAS - A => GAS  :JMPN(outOfGas)
+    ; if offset is above data len, length => offset
+    D => A
+    $ => B          :MLOAD(tmpContractLength)
+    $               :LT, JMPC(opEXTCODECOPY2)
+    B => A
+
+opEXTCODECOPY2:
+    ; init vars for copy the code
+    A => HASHPOS
+    $ => D          :MLOAD(tmpContractHashId)
+    D               :MSTORE(codecopyHashId) ; set hashId to get bytes from
+    B               :MSTORE(codecopyBytecodeLength) ; set contract bytecode length
+    C               :MSTORE(memOffset)
+    E               :MSTORE(remainingBytes), JMP(opCODECOPYloopInit)
+
+VAR GLOBAL tmpZkPCext
+opEXTCODECOPYLoadBytecode:
+    %MAX_CNT_POSEIDON_G - CNT_POSEIDON_G - %MAX_CNT_POSEIDON_SLOAD_SSTORE :JMPN(outOfCountersPoseidon)
+    ; set key for smt smart contract length query
+    %SMT_KEY_SC_LENGTH => B
+    0 => C
+    $ => D                          :SLOAD
+    ; if length is 0, nothing to check
+    ; after the implementation of EIP170, the maximum bytecode size is 24.576 bytes, less than 2**32
+    D                               :MSTORE(tmpContractLength), JMPZ(opEXTCODECOPYCheckHashEnd)
+
+    ; check poseidon counters
+    ; 56 is the value used by the prover to increment poseidon counters depending on the hash length
+    RR                                                  :MSTORE(tmpZkPCext)
+    D + 1                                               :MSTORE(arithA)
+    56                                                  :MSTORE(arithB), CALL(divARITH); in: [arithA, arithB] out: [arithRes1: arithA/arithB, arithRes2: arithA%arithB]
+    $ => RR                                             :MLOAD(tmpZkPCext)
+    $ => B                                              :MLOAD(arithRes1)
+    %MAX_CNT_POSEIDON_G - CNT_POSEIDON_G - %MAX_CNT_POSEIDON_SLOAD_SSTORE - 1 - B  :JMPN(outOfCountersPoseidon)
+    %MAX_CNT_PADDING_PG - CNT_PADDING_PG - 1 - B  :JMPN(outOfCountersPadding)
+
+    ; set key for smt smart contract code query
+    %SMT_KEY_SC_CODE => B
+    0 => C
+    $ => A          :SLOAD
+
+    ; get a new hashPId
+    $ => E                          :MLOAD(nextHashPId)
+    E                               :MSTORE(tmpContractHashId)
+    E + 1                           :MSTORE(nextHashPId)
+
+    ; load contract bytecode
+    A                               :HASHPDIGEST(E)
+opEXTCODECOPYCheckHashEnd:
+                                    :RETURN
+
+/**
+ * @link [https://www.evm.codes/#3D?fork=berlin]
+ * @zk-counters
+ *  - 1 binary
+ *  - 20 steps
+ * @process-opcode
+ *  - stack input: []
+ *  - stack output: [size]
+ */
+opRETURNDATASIZE:
+    ; checks zk-counters
+    %MAX_CNT_BINARY - CNT_BINARY - 1 :JMPN(outOfCountersBinary)
+    %MAX_CNT_STEPS - STEP - 20 :JMPN(outOfCountersStep)
+
+    ; check out-of-gas
+    GAS - %GAS_QUICK_STEP => GAS  :JMPN(outOfGas)
+    ; Load ret data length from last ctx
+    $ => B          :MLOAD(retDataCTX)
+    ; if no retDataCTX(0), retDataLength = 0
+    0 => A
+    $               :EQ, JMPC(endOpRETURNDATASIZE)
+    B => CTX
+    $ => A          :MLOAD(retDataLength)
+    ; Restore current context
+    $ => CTX        :MLOAD(currentCTX)
+
+endOpRETURNDATASIZE:
+    A               :MSTORE(SP++); [size => SP]
+    ; check stack overflow
+    %MAX_STACK_SIZE - SP       :JMPN(stackOverflow, readCode)
+
+/**
+ * @link [https://www.evm.codes/#3E?fork=berlin]
+ * @zk-counters
+ *  - 2 binary
+ *  - dynamic steps: 400 + 100 * size
+ * @process-opcode
+ *  - stack input: [destOffset, offset, size]
+ *  - stack output: []
+ */
+opRETURNDATACOPY:
+    ; checks zk-counters
+    %MAX_CNT_STEPS - STEP - 400 :JMPN(outOfCountersStep)
+    %MAX_CNT_BINARY - CNT_BINARY - 2          :JMPN(outOfCountersBinary)
+    ; check stack underflow
+    SP - 3 => SP          :JMPN(stackUnderflow)
+    ; check out-of-gas
+    GAS - %GAS_FASTEST_STEP => GAS  :JMPN(outOfGas)
+
+    $ => D          :MLOAD(SP+2); [destOffset => D]
+    $ => E          :MLOAD(SP+1); [offset => E]
+    $ => C          :MLOAD(SP); [size => C]
+    ; store lastMemOffset for memory expansion gas cost
+    D               :MSTORE(lastMemOffset)
+    ; store lastMemLength for memory expansion gas cost
+    C               :MSTORE(lastMemLength), CALL(saveMem); in: [lastMemOffset, lastMemLength]
+    ; if retDataCTX is 0, end opcode execution
+    $ => B          :MLOAD(retDataCTX)
+    0 => A
+    $               :EQ, JMPC(opRETURNDATACOPYEmpty)
+
+    ; Load ret data length from last ctx
+    B => CTX
+    E => B
+
+    $ => A          :MLOAD(retDataLength)
+    $ => E          :MLOAD(retDataOffset)
+    $ => CTX        :MLOAD(currentCTX)
+    ; A is retDataLength
+    ; B is offset
+    $               :LT, JMPC(outOfGas)
+    ; if retDataLength < offset + size -> OOG
+    A - B - C       :JMPN(outOfGas)
+
+    ; E ret data offset (memory pointer) of last context, B offset in return data  that want to retrieve
+    E + B => B ; memory pointer where start to copy memory
+    ;${3*((C+31)/32)}
+    C+31 => A
+    ;(C+31)/32
+    A               :MSTORE(arithA)
+    32              :MSTORE(arithB)
+                    :CALL(divARITH); in: [arithA, arithB] out: [arithRes1: arithA/arithB, arithRes2: arithA%arithB]
+    $ => A          :MLOAD(arithRes1)
+    ; Mul operation with Arith
+    ; 3*((C+31)/32)
+    3               :MSTORE(arithA)
+    A               :MSTORE(arithB), CALL(mulARITH); in: [arithA, arithB] out: [arithRes1: arithA*arithB]
+    $ => A          :MLOAD(arithRes1)
+    ; check out-of-gas
+    GAS - A => GAS  :JMPN(outOfGas)
+
+opRETURNDATACOPYloop:
+    %MAX_CNT_STEPS - STEP - 100 :JMPN(outOfCountersStep)
+    C               :JMPZ(readCode)
+    C - 32          :JMPN(opRETURNDATACOPYfinal)
+    B => E
+    ; Load memory from last context used
+    $ => CTX        :MLOAD(retDataCTX), CALL(MLOAD32); in: [E: offset] out: [A: value, E: new offset]
+    ; save new offset at B
+    ; Save memory to the current context
+    $ => CTX        :MLOAD(currentCTX)
+    E => B
+    D => E
+    ; set bytesToStore with value to use in MSTORE
+    A               :MSTORE(bytesToStore), CALL(MSTORE32); in: [bytesToStore, E: offset] out: [E: new offset]
+    E => D
+    C - 32 => C     :JMP(opRETURNDATACOPYloop)
+
+opRETURNDATACOPYfinal:
+    B => E
+    ; Load memory from last context used
+    $ => CTX        :MLOAD(retDataCTX), CALL(MLOADX); in: [E: offset, C: length] out: [A: value, E: new offset]
+    ; save memory to the current context
+    $ => CTX        :MLOAD(currentCTX)
+    E => B ; offset retDataCTX
+    D => E ; offset current CTX
+    ; set bytesToStore with value to use in MSTORE
+    A               :MSTORE(bytesToStore), CALL(MSTOREX); in: [bytesToStore, E: offset, C: length] out: [E: new offset]
+                    :JMP(readCode)
+
+opRETURNDATACOPYEmpty:
+    ; offset return data + len return data must be 0
+    E => A
+    C => B
+    $ => B          :ADD, JMPC(outOfGas)
+    0 => A
+    $               :EQ, JMPC(readCode, outOfGas)
+
+/**
+ * @link [https://www.evm.codes/#3F?fork=berlin]
+ * @zk-counters
+ *  - 100 steps
+ *  - %MAX_CNT_POSEIDON_SLOAD_SSTORE poseidon
+ * @process-opcode
+ *  - stack input: [address]
+ *  - stack output: [hash]
+ */
+opEXTCODEHASH:
+    ; checks zk-counters
+    %MAX_CNT_STEPS - STEP - 100 :JMPN(outOfCountersStep)
+    %MAX_CNT_POSEIDON_G - CNT_POSEIDON_G - %MAX_CNT_POSEIDON_SLOAD_SSTORE :JMPN(outOfCountersPoseidon)
+    ; check stack underflow
+    SP - 1 => SP    :JMPN(stackUnderflow)
+    $ => A          :MLOAD(SP), CALL(maskAddress); [address => A]; in: [A: address] out: [A: masked address]
+                    :CALL(isColdAddress); in: [A: address] out: [D: 0 if warm, 1 if cold]
+    ; check out-of-gas
+    GAS - %WARM_STORAGE_READ_GAS - D * %COLD_ACCOUNT_ACCESS_COST_REDUCED => GAS    :JMPN(outOfGas)
+    ; set key for smt smart contract code hash query
+    %SMT_KEY_SC_CODE => B
+    0 => C
+    $ => A          :SLOAD
+    A               :MSTORE(SP++), JMP(readCode); [hash => SP]