Delegatecall to Untrusted Callee Vulnerability

The delegatecall function is a special type of message call. It is almost identical to a regular message call, except that the code at the destination address is executed within the context of the calling contract, and msg.sender and msg.value remain the same as before. Essentially, delegatecall allows other contracts to modify the storage of the calling contract.

Because delegatecall provides significant control over a contract, it is crucial to use it only with trusted contracts, such as your own. If the destination address is derived from user input, it is essential to ensure that the contract is trustworthy.

Vulnerabilities Associated with Delegatecall:

  1. State Variable Collisions: The most common vulnerability arises from state variable collisions. Since delegatecall executes the destination contract's code in the calling contract's context, any modification to state variables by the destination contract will impact the calling contract’s state. If the state variable structures in the destination contract do not match exactly with the calling contract, unintended changes to the calling contract’s state may occur, leading to unpredictable behavior or exploitation of vulnerabilities.

  2. Unintended Authority Granting: delegatecall transfers the execution control to the destination contract, which may result in situations where the destination contract unexpectedly gains the ability to perform sensitive operations on behalf of the calling contract, such as transferring tokens, changing ownership, or altering access permissions.

  3. Logic Errors and Attacks: The flexibility of delegatecall may unintentionally introduce logic errors or expose the contract to reentrancy attacks if not properly managed, particularly when interacting with untrusted contracts.

Impact of Delegatecall to Untrusted Callee:

The delegatecall function is used to invoke functions from other contracts as if they belong to the calling contract. Therefore, a delegatecall or call to an untrusted contract, with a malicious address and data field passed to the call, allows an attacker to act as a proxy contract.

Recommended Actions:

  • Use delegatecall cautiously: Ensure that you never call untrusted contracts via delegatecall. If the destination address is derived from user input, ensure it is checked against a whitelist of trusted contracts.
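The whitelist check described above, shown beside the unchecked pattern it replaces. This is an added example, not code from the original page; the contract and function names (UncheckedForwarder, AllowlistedForwarder, setTrusted, forward) are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Weak pattern (hypothetical contract): the caller chooses which code runs
// against this contract's storage.
contract UncheckedForwarder {
    address public owner = msg.sender; // slot 0, writable by any delegatecalled code

    function forward(address target, bytes calldata data) external returns (bytes memory) {
        (bool ok, bytes memory ret) = target.delegatecall(data);
        require(ok, "delegatecall failed");
        return ret;
    }
}

// Hardened pattern (hypothetical contract): only owner-approved code may be delegatecalled.
contract AllowlistedForwarder {
    address public owner;                    // slot 0
    mapping(address => bool) public trusted; // slot 1

    event TrustedSet(address indexed target, bool allowed);

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    function setTrusted(address target, bool allowed) external onlyOwner {
        // A delegatecall to an address with no code succeeds silently, so only
        // addresses that hold code can be approved. Removal is always allowed.
        require(!allowed || target.code.length > 0, "no code at target");
        trusted[target] = allowed;
        emit TrustedSet(target, allowed);
    }

    function forward(address target, bytes calldata data) external returns (bytes memory) {
        require(trusted[target], "target not allowlisted");
        (bool ok, bytes memory ret) = target.delegatecall(data);
        require(ok, "delegatecall failed");
        return ret;
    }
}
```

The allowlist only restricts which code can run; each approved contract still executes against slots 0 and 1 of the forwarder, so its state variable layout must match before it is approved.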
