clean up (#3)

mia von steinkirch, phd 2022-12-24 19:54:41 -08:00 committed by GitHub
parent a839a93af7
commit 2df3e6444d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
54 changed files with 170 additions and 1532 deletions

@ -1,4 +1,4 @@
# Attacks via code injection with `DELEGATECALL`
## attacks via code injection with `DELEGATECALL`
<br>
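Review bot: The title on line 1 is demoted from `#` to `##`, so the file now opens on a second-level heading with nothing above it. Renderers and table-of-contents generators commonly take the first H1 as the page title; if lowercase `##` titles are the convention this clean-up is moving to (the proxies file in the same commit uses `## proxies`), say so in the commit message, which only reads "clean up". Otherwise keep the single `#` and lowercase the text only.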

@ -1,11 +1,15 @@
## 🌶 notes on proxies
## proxies
### tl; dr
<br>
*There exists a special variant of a message call, named delegatecall which is identical to a message call apart from the fact that the code at the target address is executed in the context (i.e. at the address) of the calling contract and msg.sender and msg.value do not change their values. This means that a contract can dynamically load code from a different address at runtime. Storage, current address and balance still refer to the calling contract, only the code is taken from the called address.*
* here exists a special variant of a message call, named delegatecall which is identical to a message call apart from the fact that the code at the target address is executed in the context (i.e. at the address) of the calling contract and msg.sender and msg.value do not change their values. This means that a contract can dynamically load code from a different address at runtime. Storage, current address and balance still refer to the calling contract, only the code is taken from the called address.
<br>
---
### proxy patterns
<br>
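Review bot: The rewritten bullet under `### tl; dr` begins `* here exists a special variant`, so the "T" of "There" was lost when the opening italics marker became a list marker. The italics also set the passage apart from the notes' own wording; if it is quoted from elsewhere, keep a quote marker (for example `>`) or a source link so it does not read as original text. `tl; dr` should be `tl;dr`.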
@ -21,19 +25,47 @@
<br>
### diamond pattern
#### transparent proxy pattern (TPP)
1. upgrade logic is stored in proxy itself.
2. gas-inefficient
<br>
#### universal upgradable proxy standard (UUPS)
1. upgrade logic is stored in logic itself
2. gas-efficient
<br>
#### diamond pattern
* diamond patterns differ from proxy patterns because the diamond proxy contract can delegates function calls to more than one logic contract.
* when a user makes a function call, the proxy contract checks the mapping to find the facet responsible for executing that function. Then it invokes delegatecall (using the fallback function) and redirects the call to the appropriate logic contract.
<br>
### resources
---
### unitialized proxy bug
* Developers might leave proxies unitialized - this can be a problem when it leads to changes such as granting ownership to the caller
* the owners of the contract can upgrade the implementation contract
* this bug can lead to the self-destruction of the implementation contract (proxy contract is bricked)
<br>
---
### resources
* [proxy patterns](https://mirror.xyz/0xB38709B8198d147cc9Ff9C133838a044d78B064B/M7oTptQkBGXxox-tk9VJjL66E1V8BUF0GF79MMK4YG0)
* [how diamond upgrades work](https://dev.to/mudgen/how-diamond-upgrades-work-417j)
* [the state of smart contract updates](https://blog.openzeppelin.com/the-state-of-smart-contract-upgrades/)
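Review bot: In the new `### unitialized proxy bug` section the bullets go from "leave proxies unitialized" to "self-destruction of the implementation contract" without saying which contract's initializer was never called or how the caller ends up as owner. State the chain in order (contract left uninitialized, caller is granted ownership, owner upgrades the implementation, implementation self-destructs, proxy is bricked) and add a bullet on the mitigation, since a reader auditing a proxy needs the check as much as the symptom. Also in this hunk, "unitialized" should be "uninitialized" in both the heading and the first bullet, and "can delegates" in the diamond pattern bullet should be "can delegate".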