Blob Data Dependency
Detects contracts that depend on EIP-4844 blob data availability, which is only guaranteed for a limited time window.
Overview
The blob dependency detector identifies contracts that reference EIP-4844 blob-related opcodes (BLOBHASH, BLOBBASEFEE) or depend on blob data availability without accounting for the data pruning window. Blob data is only guaranteed to be available for approximately 18 days after inclusion; contracts that assume permanent availability will break.
Why This Is an Issue
EIP-4844 introduced blob transactions for L2 data availability, but blob data is pruned after the retention window. Contracts or L2 systems that:
- Reference BLOBHASH for verification purposes after the pruning window
- Use BLOBBASEFEE for long-term pricing calculations
- Assume blob data can be retrieved on-chain indefinitely
will malfunction after the data is pruned. This primarily affects fraud proof systems, data availability layers, and contracts that verify blob commitments.
How to Resolve
Ensure blob data is either consumed within the retention window or stored permanently in calldata/contract storage when long-term availability is needed.
Examples
Sample Sigvex Output
{
  "detector_id": "blob-dependency",
  "severity": "medium",
  "confidence": 0.62,
  "description": "BLOBHASH opcode used at offset 0x28 for data verification. Blob data is pruned after ~18 days; verification will fail for older transactions.",
  "location": { "function": "verifyBlob(uint256)", "offset": 40 }
}
Detection Methodology
- Opcode scan: Identifies BLOBHASH (0x49) and BLOBBASEFEE (0x4a) opcodes.
- Usage context: Determines whether the blob reference is time-bounded (acceptable) or permanent (problematic).
- Storage analysis: Checks whether blob commitments are stored for later verification (indicating dependency on pruned data).
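The opcode scan step, sketched as an added example (this is not Sigvex's own code): a linear sweep over EVM bytecode that skips PUSH immediates, so 0x49/0x4a bytes inside pushed constants are not reported as blob opcodes. The function names and the sample bytecode are constructed for illustration.

```python
# Added example (not Sigvex code): linear-sweep scan for blob opcodes.
BLOB_OPCODES = {0x49: "BLOBHASH", 0x4A: "BLOBBASEFEE"}  # values from the page
PUSH1, PUSH32 = 0x60, 0x7F  # PUSHn is followed by n immediate bytes


def scan_blob_opcodes(bytecode: bytes) -> list:
    """Return (offset, mnemonic) for blob opcodes in instruction position."""
    hits = []
    pc = 0
    while pc < len(bytecode):
        op = bytecode[pc]
        if op in BLOB_OPCODES:
            hits.append((pc, BLOB_OPCODES[op]))
        if PUSH1 <= op <= PUSH32:
            pc += op - PUSH1 + 1  # skip the immediate; it is data, not code
        pc += 1
    return hits


def naive_byte_matches(bytecode: bytes) -> int:
    """Raw byte search, shown only to contrast with the sweep above."""
    return sum(bytecode.count(op) for op in BLOB_OPCODES)


# Constructed sample bytecode (hypothetical, not from a real contract):
SAMPLE = (
    bytes([0x7F]) + b"\x49" * 32      # PUSH32 <32 bytes of 0x49>  (data)
    + bytes([0x50])                   # POP
    + bytes([0x61, 0x49, 0x4A])       # PUSH2 0x494a               (data)
    + bytes([0x50])                   # POP
    + bytes([0x60, 0x00])             # PUSH1 0x00  (blob index)
    + bytes([0x49])                   # BLOBHASH at offset 0x28
    + bytes([0x4A])                   # BLOBBASEFEE at offset 0x29
    + bytes([0x00])                   # STOP
)

if __name__ == "__main__":
    for offset, name in scan_blob_opcodes(SAMPLE):
        print(f"{name} at offset {offset:#x}")
    print("raw byte matches:", naive_byte_matches(SAMPLE))
```

A linear sweep also walks any data appended after the code (such as compiler metadata), so hits in that region still need to be checked against the usage context.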
Limitations
- Cannot determine the actual time window between blob submission and verification attempt.
- L2-specific blob usage patterns may have different availability guarantees.
Related Detectors
- L2 Rollup — L2-specific vulnerabilities
- Timestamp Dependence — time-dependent logic