Delegatecall is a powerful low-level operation in Solidity. A contract can use delegatecall to run code from another, external contract while preserving the caller's context. This allows for things like upgradeable smart contracts. However, extreme caution is required, since delegatecall has been the vector for numerous high-profile hacks in Ethereum: the code being executed has the ability to manipulate the calling contract's state. It would be extremely unwise to use delegatecall as a catch-all forwarding system in your contract. This is what allowed the attacker in the Parity Wallet hack of 2017 to overwrite the wallets' owner with his own wallet address and withdraw all funds.
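The catch-all forwarding pattern described above, next to a restricted variant, as an added example that is not code from this post or from the Parity wallet. The contract names, `initWallet` and the selector allowlist are hypothetical, and both wallets assume the logic contract shares their slot 0 layout.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Shared logic contract (constructed for this example). Reached through
// delegatecall, its writes land in the CALLING wallet's storage.
contract WalletLogic {
    address public owner; // slot 0, mirrors the wallets' layout below

    // Unguarded initializer: nothing prevents a second call.
    function initWallet(address newOwner) external {
        owner = newOwner;
    }
}

// Weak: every unmatched selector is forwarded with the raw calldata, so
// initWallet() runs against this wallet's slot 0 for any caller.
contract CatchAllWallet {
    address public owner; // slot 0
    address public immutable logic;

    constructor(address logic_) { owner = msg.sender; logic = logic_; }

    fallback() external payable {
        (bool ok, ) = logic.delegatecall(msg.data);
        require(ok, "delegatecall failed");
    }
}

// Hardened: only selectors fixed at deployment are forwarded, and only for
// the owner. The initializer selector is never put on the list.
contract GuardedWallet {
    address public owner; // slot 0
    address public immutable logic;
    mapping(bytes4 => bool) public forwardable; // slot 1, unused by WalletLogic

    constructor(address logic_, bytes4[] memory selectors) {
        owner = msg.sender;
        logic = logic_;
        for (uint256 i = 0; i < selectors.length; i++) forwardable[selectors[i]] = true;
    }

    fallback() external payable {
        require(msg.sender == owner, "not owner");
        require(forwardable[msg.sig], "selector not forwardable");
        (bool ok, ) = logic.delegatecall(msg.data);
        require(ok, "delegatecall failed");
    }
}
```

When reviewing a contract, any `delegatecall(msg.data)` inside a `fallback` with no selector or caller check is the pattern to flag, together with any state-setting function on the target that lacks a run-once guard.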