Mapping Storage Key – How to Derive the Storage Key of Mapping to an Account

keccakmappingsha3storageweb3.py

I am trying to derive changes of account storage by mapping accounts (here, the accounts represent the key address in the ERC20 balances mapping mapping(address => uint256)) to their corresponding storage keys from a parity transaction trace.

An example trace (fetched through web3.py) of transaction https://etherscan.io/tx/0x210cfe3d3b62f415ed0327a3c6177086df4937b6280031255360b6d137308554 is:

{
    'output': '0x',
    'stateDiff': {
        '0x52bc44d5378309ee2abf1539bf71de1b7d7be3b5': {
            'balance': {
                '*': {
                    'from': '0x122291885d6222bc5ec',
                    'to': '0x12229193ca3f58565ec'
                }
            },
            'code': '=',
            'nonce': '=',
            'storage': {}
        },
        '0xaddba95f769b5d42c02e144102817eab9d00efd3': {
            'balance': '=',
            'code': '=',
            'nonce': '=',
            'storage': {
                '0x1ded6755a6d7d843883da8cd8948931cf9f8b1e8f8983ad77e1685ece0b92fc2': {
                    '*': {
                        'from': '0x0000000000000000000000000000000000000000000000000000000000000000',
                        'to': '0x000000000000000000000000000000000000000000000000000bfb8d0ebc5000'
                    }
                },
                '0x5020d77d5345022a5466af6f78731b10f92d31e17961c23ea6ce5c185dc75d49': {
                    '*': {
                        'from': '0x0000000000000000000000000000000000000000000000000000000000000000',
                        'to': '0x0000000000000000000000000000000000000000000000000000e1412a5f1c00'
                    }
                }
            }
        },
        '0xf2eeb980b60b9ed146636c65ecc5e8f27a8aed40': {
            'balance': {
                '*': {
                    'from': '0x2c4c7111f4801a8',
                    'to': '0x2c410434bee61a8'
                }
            },
            'code': '=',
            'nonce': {
                '*': {
                    'from': '0x143',
                    'to': '0x144'
                }
            },
            'storage': {}
        }
    },
    'trace': [{
        'action': {
            'callType': 'call',
            'from': '0xf2eeb980b60b9ed146636c65ecc5e8f27a8aed40',
            'gas': '0x9008',
            'input': '0xa9059cbb000000000000000000000000e034e561ce112c5f261f15d447e8f2436d9625040000000000000000000000000000000000000000000000000000e130de0be000',
            'to': '0xaddba95f769b5d42c02e144102817eab9d00efd3',
            'value': '0x0'
        },
        'result': {
            'gasUsed': '0x3924',
            'output': '0x'
        },
        'subtraces': 0,
        'traceAddress': [],
        'type': 'call'
    }],
    'vmTrace': None
}

According to https://solidity.readthedocs.io/en/v0.4.24/miscellaneous.html#layout-of-state-variables-in-storage, "value corresponding to a mapping key k is located at keccak256(k . p) where . is concatenation". I am aware of the necessary left pad, according to "keccack(LeftPad32(key, 0), LeftPad32(map position, 0))" https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_getstorageat, although the hashing functions seem to handle this internaly already.

I tried the Web3.sha3() for this keccak256 storage key, and other issues on StackOverflow mention that Solidity employs a slightly different hashing algorithm. Nevertheless, also by using the proper Web3.soliditySha3() I do not arrive at a hash that would present me the key found in the the trace (here, 0x1ded6755a6d7d843883da8cd8948931cf9f8b1e8f8983ad77e1685ece0b92fc2 or 0x5020d77d5345022a5466af6f78731b10f92d31e17961c23ea6ce5c185dc75d49) to the account 0xf2eeb980b60b9ed146636c65ecc5e8f27a8aed40.

What is the right way (preferably with web3.py) to hash the account and position in order to arrive at the mapping storage key?

Best Answer

As mentioned by @jaime in the comments you need the position of the mapping variable to find the relation between address and storage key.

You can find a code I have written to detect the position for a basic erc20 contract below (using web3.py):

import json
from web3.auto.infura import w3
from eth_utils import remove_0x_prefix, to_int, to_checksum_address, to_hex

# erc20 contract address
CONTRACT_ADDRESS = '0x89205A3A3b2A69De6Dbf7f01ED13B2108B2c43e7'
# address with non zero token balance
HOLDER_ADDRESS = '0xD1220A0cf47c7B9Be7A2E6BA89F429762e7b9aDb' 

def getStorageAtIndex(i):
    pos = str(i).rjust(64, '0')
    key = remove_0x_prefix(HOLDER_ADDRESS).rjust(64, '0').lower()
    storage_key = to_hex(w3.sha3(hexstr=key + pos))
    return to_int(w3.eth.getStorageAt(CONTRACT_ADDRESS, storage_key))

for i in range(0, 20):
    if getStorageAtIndex(i) != 0:
        print("position is {}".format(i))

Result:
>>> position is 5

Once you have the correct value of position you can fetch the values stored in contract easily.

pos = str(5).rjust(64, '0')
key = remove_0x_prefix(HOLDER_ADDRESS).rjust(64, '0').lower()
storage_key = to_hex(w3.sha3(hexstr=key + pos))
w3.eth.getStorageAt(CONTRACT_ADDRESS, storage_key)

Related Solutions

[Ethereum] Storing multiple values in one key mapping (Solidity)

It's not clear if you want to retrieve all the values in a mapping or use the mapping to store structures that contain interesting, multipart things.

No to the first interpretation.

Yes to the second.

Lay out an instance (for one key) in a struct. Map the structs to the keys.

struct MyStruct {
  uint part1;
  bool part2;
  ...
}

mapping(uint => MyStruct) public myStructs;

It's also possible to store arrays and more mappings in a struct. The getters and setters get more interesting than the "free" getter you get with this public mapping of scaler types.

UPDATE

Upon reflection, I realized there is a third interpretation.

Pass the entire mapping around, without interpretation.

No, to externally.

Yes, to internally.

You can pass a mapping internally by sending only the storage pointer. A storage pointer reduces the object to 1 32-byte word from which all slots in the mapping can be deduced. As such, it is meaningless externally and external opinions about can't be trusted. Therefore, functions that do that must be marked internal or private. If that sounds cryptic, have a look at https://blog.b9lab.com/storage-pointers-in-solidity-7dcfaa536089.

You can pass structs this way, and mappings can reside in structs, so ...

Have a look at:

pragma solidity 0.5.12;

    contract ArrayMapping {

    struct MyStruct {
        uint part1;
        bool part2;
    }

    struct MapStruct {
        mapping(uint => MyStruct) myStructs;   
    }

    MapStruct map;

    function get(uint index) public view returns(uint, bool) {
        return fetch(map, index);
    }

    function fetch(MapStruct storage m, uint index) internal view returns(uint, bool) {
        return (m.myStructs[index].part1, m.myStructs[index].part2);
    }
}

A "storage pointer" to the struct that contains a mapping is passed into fetch. This doesn't help fetch iterate, count or otherwise understand the contents of the mapping but it gives it the raw material to get started.

You can pass structs around to/from libraries and that can help compartmentalize logic that is focused on complex storage structures. See https://github.com/rob-Hitchens/UnorderedKeySet and https://medium.com/hackernoon/binary-search-trees-and-order-statistics-for-ethereum-db47e2dd2c36 for examples.

Hope it helps.

Storage Mapping in Ethereum – How Ethereum Fits a Mapping into Storage?

When you declare a mapping like in the following contract :

contract MappingExample {
    mapping(address => uint256) balances;
}

The variable balances is assigned to storage slot 0 (simply because it is the first one). But the mapped elements are elsewhere.

To compute the storage slot or location of the mapped elements, the following is used :

slot = keccak256([key, mappingSlot]) // concatenate key and mapping slot

The thing is that non allocated storage slots default to the value 0. So every key that was not assigned a value points to a non allocated storage slot for which the EVM can return the value 0 directly. There is no need to actually store 2^256 - 1 slots just because a mapping was declared.

If you are curious about that you can see the implementation of the SLOAD OPCODE in go-ethereum here that calls the evm.StateDB.GetState method defined here:

func (s *StateDB) GetState(addr common.Address, hash common.Hash) common.Hash {
    stateObject := s.getStateObject(addr)
    if stateObject != nil {
        return stateObject.GetState(s.db, hash)
    }
    return common.Hash{}
}

As you can see, if stateObject == nil then common.Hash{} is returned. This is a zeroed 32 bytes array. Basically, a zeroed out storage field that doesn't need to be stored in case the address has not state associated to it.

In turn (not directly) it will call GetCommittedState defied here. This method is pretty big so I'm not pasting it here, the same logic follows if the key cannot be recovered from the state trie a default value of 0 will be returned.

So, refining our example a little:

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

contract MappingExample {

    mapping(address => uint256) balances;

    constructor() {
        // Setting balance of an arbitrary address.
        balances[address(0x10)] = 100;
    }

}

You can read balances[address(0x10)] with the following Web3 code:

import Web3 from "web3";

const web3 = new Web3("http://localhost:8545");

// ADDRESS OF OUR CONTRACT (CHANGE IT FOR YOUR OWN)
const contractAddress = "0xd4EC28074b7A66F536D9feCf9b2f81B962215e69";

// STORAGE SLOT OF THE MAPPING
const mappingSlot = '0000000000000000000000000000000000000000000000000000000000000000';

// KEY THAT WE WANT TO READ IN THE MAPPING
const key =         '0000000000000000000000000000000000000000000000000000000000000010';

// COMPUTE THE ACTUAL STORAGE SLOT OF THE VALUE ASSOCIATED WITH THE KEY
const balanceSlot = web3.utils.soliditySha3({t: 'bytes', v: key + mappingSlot});

const balance = await web3.eth.getStorageAt(contractAddress, balanceSlot);
console.log(web3.utils.toNumber(balance));
// DISPLAYS : 100

Because the hash (interpreted as a storage index) is stored in the EVM, any unknown value will return a 256 bit 0 value as shown in the GetState function, this 0 value doesn't need to be stored.

In essence, every value in a mapping is mapped to something. But not all values are stored in the contract storage space, only the values that have been set. Making it a quite efficient structure that doesn't require every node to allocate 2^256 - 1 bits for each mapping in existence.

Best Answer

Related Solutions

[Ethereum] Storing multiple values in one key mapping (Solidity)

Storage Mapping in Ethereum – How Ethereum Fits a Mapping into Storage?

Related Topic