Git-Mirrors/blockchains-security-toolkit
1
0
Fork 0
mirror of https://github.com/autistic-symposium/blockchains-security-toolkit.git synced 2025-05-13 12:12:19 -04:00
Code Issues Projects Releases Packages Wiki Activity
blockchains-security-toolkit/vulnerabilities/delegatecall
History
mia von steinkirch, phd 2df3e6444d
clean up (#3)
2022-12-24 19:54:41 -08:00
..
proxies.md clean up (#3) 2022-12-24 19:54:41 -08:00
README.md clean up (#3) 2022-12-24 19:54:41 -08:00

README.md

attacks via code injection with DELEGATECALL


🖤 This is my favorite vuln


TL;DR

  1. Call to untrusted contracts may introduce unexpected risks and errors.
  2. External calls controlled by an attacker may force a contract to transition into an undefined state.
  3. Types of external calls: STATIC CALL and DELEGATE CALL.
  4. Using DELEGATE CALL, contract can preserve the storage state while using the logic of the contract. This introduces the concept of Proxies.
  5. The proxy contract redirects all the calls it receives to an "logic contract", whose address is stored in its "proxy contract". The proxy runs the "logic contract"'s code as its own (modifying its storage and the balance of the "proxy contract").
Screen Shot 2022-09-17 at 5 30 04 PM

Learning resources