Intro to Smart Contract Security Audits | Delegatecall (1)

  • call: After the call, the value of the built-in variable msg will be modified by the caller, and the execution environment is the callee’s runtime environment.
  • delegatecall: After the call, the value of the built-in variable msg will not be changed for the caller, but the execution environment is the caller’s runtime environment;
  • callcode: After the call, the value of the built-in variable msg will be modified by the caller, but the execution environment is the caller’s runtime environment. It should be noted that callcode has been disabled in all versions after 0.5.0, so we’re only limited in this case.
  1. Alice deploys the Lib contract;
  2. Alice deploys the HackMe contract and passes the address of the Lib contract in the constructor.
  3. The attacker Eve deploys the Attack contract and passes the HackMe address in the constructor.
  4. The attacker Eve calls the attack function to successfully change the owner in the HackMe contract to himself.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
SlowMist

SlowMist

1.6K Followers

SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.