From 0e2cdb198b81675596809e8f5b727e67f2fbe2a3 Mon Sep 17 00:00:00 2001 From: kaden Date: Sun, 28 Jul 2024 13:37:11 -0700 Subject: [PATCH] Update delegatecall-untrusted-callee.md --- vulnerabilities/delegatecall-untrusted-callee.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vulnerabilities/delegatecall-untrusted-callee.md b/vulnerabilities/delegatecall-untrusted-callee.md index 912ac3c..09ee55b 100644 --- a/vulnerabilities/delegatecall-untrusted-callee.md +++ b/vulnerabilities/delegatecall-untrusted-callee.md @@ -45,7 +45,7 @@ contract Attack { } ``` -In this example, the `Proxy` contract uses `delegatecall` to forward any call it receives to an address provided by the user. The `Target` contract contains a to call the `pwn()` function that changes the owner of the contract to the caller. +In this example, the `Proxy` contract uses `delegatecall` to forward any call it receives to an address provided by the user. The `Target` contract contains a call to the `pwn()` function that changes the owner of the contract to the caller. The `Attack` contract takes advantage of this setup by calling the `forward` function of the `Proxy` contract, passing the address of the `Target` contract and the encoded function call `pwn()`. This results in the `Proxy` contract's storage being modified, specifically the `owner` variable, which is set to the attacker’s address. 
@@ -62,4 +62,4 @@ To mitigate the risks associated with `delegatecall` to untrusted callees, consi - [SWC Registry: SWC-112](https://swcregistry.io/docs/SWC-112) - [Solidity Documentation: Delegatecall](https://docs.soliditylang.org/en/latest/introduction-to-smart-contracts.html#delegatecall-and-libraries) - [Sigma Prime: Solidity Security](https://blog.sigmaprime.io/solidity-security.html#delegatecall) -- [Ethereum Stack Exchange: Difference Between Call, Callcode, and Delegatecall](https://ethereum.stackexchange.com/questions/3667/difference-between-call-callcode-and-delegatecall) \ No newline at end of file +- [Ethereum Stack Exchange: Difference Between Call, Callcode, and Delegatecall](https://ethereum.stackexchange.com/questions/3667/difference-between-call-callcode-and-delegatecall)
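Review bot: In the first hunk, the corrected sentence "The `Target` contract contains a call to the `pwn()` function" still reads as if `Target` calls `pwn()`, whereas the unchanged paragraph right after it has `Attack` passing the `Target` address together with the encoded call `pwn()`, which implies that `Target` defines that function. Suggest wording along the lines of "The `Target` contract defines a `pwn()` function that sets the owner to the caller". The phrase "the owner of the contract" is also ambiguous between the two contracts; since the following paragraph says it is the `Proxy` contract's `owner` that ends up modified, naming `Proxy` here would make the delegatecall storage-context point explicit for readers.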
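Review bot: The subject line "Update delegatecall-untrusted-callee.md" does not mention the end-of-file change in the second hunk, where the final reference line is re-added only to drop the "\ No newline at end of file" marker. The newline fix itself is fine, but a subject such as "Fix typo in delegatecall example description and add trailing newline" would let someone reading the log see that both edits are wording and whitespace only, with no change to the mitigation guidance or the reference links.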