blockchains-security-toolkit/advanced_expert/vulnerabilities/delegatecall

attacks via code injection with DELEGATECALL


tl;dr


  1. Calls to untrusted contracts may introduce unexpected risks and errors.
  2. External calls controlled by an attacker may force a contract to transition into an undefined state.
  3. Types of external calls: STATICCALL and DELEGATECALL.
  4. Using DELEGATECALL, a contract can keep its own storage state while executing the logic of another contract. This introduces the concept of proxies.
  5. The proxy contract redirects all the calls it receives to a "logic contract", whose address is stored in the proxy contract's own storage. The proxy runs the logic contract's code as its own, so that code modifies the storage and the balance of the proxy contract.


  • bt3gl's diagram:
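The proxy mechanism from the tl;dr, as an added Solidity example (not code from this repository): a logic contract plus a minimal proxy whose fallback forwards every call with DELEGATECALL, so the logic contract's code runs against the proxy's storage and balance. The implementation address is kept in the EIP-1967 slot rather than in slot 0, where it would collide with the logic contract's first state variable, and only the deployer can change it.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Logic contract. When reached via DELEGATECALL its code reads and writes
// the caller's storage, so `count` lands in slot 0 of the proxy, not here.
contract Counter {
    uint256 public count;

    function increment() external { count += 1; }
}

// Minimal proxy: every call is forwarded to the logic contract with
// DELEGATECALL, so the logic runs with this contract's storage, balance
// and msg.sender.
contract Proxy {
    // EIP-1967 implementation slot: keccak256("eip1967.proxy.implementation") - 1.
    // Keeping the address out of slot 0 avoids colliding with `count` above.
    bytes32 internal constant IMPL_SLOT =
        0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
    address public immutable admin;

    constructor(address impl) {
        admin = msg.sender;
        _setImplementation(impl);
    }

    function implementation() public view returns (address impl) {
        bytes32 slot = IMPL_SLOT;
        assembly { impl := sload(slot) }
    }

    // Whoever controls the delegation target controls every storage slot and
    // the balance of this proxy, so the upgrade path must be admin-only.
    function upgradeTo(address newImpl) external {
        require(msg.sender == admin, "not admin");
        _setImplementation(newImpl);
    }

    function _setImplementation(address impl) internal {
        require(impl.code.length > 0, "not a contract");
        bytes32 slot = IMPL_SLOT;
        assembly { sstore(slot, impl) }
    }

    fallback() external payable {
        address impl = implementation();
        assembly {
            calldatacopy(0, 0, calldatasize())
            let ok := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            if iszero(ok) { revert(0, returndatasize()) }
            return(0, returndatasize())
        }
    }
}
```

Calling `increment()` through the proxy's address increments slot 0 of the proxy while `Counter`'s own storage stays untouched, which is exactly the behaviour item 5 describes.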



cool resources