...by Daniel Szego

Tuesday, April 3, 2018

Solidity Tips and Tricks - delegatecall and callcode


Note that delegatecall and callcode are similar in many respects. Both execute the called code in the context of the calling contract, which means that the whole context of the calling contract is exposed to different attack possibilities. The only difference is that in callcode msg.sender and msg.value are not preserved. In the following example, the private variable n of contract D is changed by callTest, even though the function that writes it, setN, is defined in contract E and is only called indirectly.


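contract D{
    // Storage slot 0 of D; "private" only hides it from other contracts' code.
    uint private n = 0;
    
    function getN () returns (uint) {
        return n;
    }
    
    // Runs E.setN in D's context: the write in setN goes to D's slot 0.
    // callcode returns false on failure; the result is ignored here.
    function callTest(address _e, uint _n) {
        _e.callcode(bytes4(sha3("setN(uint256)")), _n);
    }
}

contract E{
    // Storage slot 0 of E; it stays unchanged when setN is run through callcode from D.
    uint public n = 0;
    
    function setN(uint _n) {
        n = _n;
    }
}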
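
The difference in msg.sender described above can be observed by having the called code record it. This is an added example, not code from the original post; the lastSender variable, the viaCallcode and viaDelegatecall functions and the pragma version are assumptions made for the illustration.

```solidity
pragma solidity ^0.4.21; // assumption: callcode needs a compiler older than 0.5.0

// Called contract: its code writes to slots 0 and 1 of whatever
// storage context it is executed in.
contract E {
    uint public n;              // slot 0
    address public lastSender;  // slot 1

    function setN(uint _n) public {
        n = _n;
        lastSender = msg.sender;
    }
}

// Calling contract: same storage layout as E, so the writes made by
// E's code land on D's own variables.
contract D {
    uint private n;              // slot 0
    address private lastSender;  // slot 1

    function getN() public view returns (uint) {
        return n;
    }

    function getLastSender() public view returns (address) {
        return lastSender;
    }

    // callcode: E's code runs on D's storage, and inside setN
    // msg.sender is the address of D.
    function viaCallcode(address _e, uint _n) public {
        require(_e.callcode(bytes4(keccak256("setN(uint256)")), _n));
    }

    // delegatecall: E's code runs on D's storage, and inside setN
    // msg.sender is still the account that called D.
    function viaDelegatecall(address _e, uint _n) public {
        require(_e.delegatecall(bytes4(keccak256("setN(uint256)")), _n));
    }
}
```

After viaCallcode, D.getLastSender() returns D's own address; after viaDelegatecall it returns the account that called D. In both cases E.n and E.lastSender stay at their initial values, because only D's storage is written.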