...by Daniel Szego

Wednesday, April 4, 2018

Solidity security patterns - difference between call, delegate call and library call


It can be a little tricky to distinguish between the different kinds of calls in Solidity. A library call is realized at a low level by a delegate call, and both differ from a standard call. In a standard call, the context of the called contract is the active one. In a library or delegate call, the calling context, meaning variables, storage and visibility, remains active. In other words, in a library call only the function code of the called contract is loaded; everything else stays the same. The following contract examples show the difference:

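// Solidity 0.4.x syntax.
contract CalledContract {
    event showAddressEvent(address _from);
    // Logs the address of the contract whose context is active.
    function test() payable public {
        showAddressEvent(this);
    }
}

contract CallingContract {
    function callDifferentContracts(address _contractAddress) public {
        // Standard call: test() runs in the context of CalledContract.
        require(_contractAddress.call(bytes4(keccak256("test()"))));
        // Delegate call: test() runs in the context of CallingContract.
        require(_contractAddress.delegatecall(bytes4(keccak256("test()"))));
        // Library call: realized as a delegate call, so the context is CallingContract.
        testLib.calledSomeLibFun();
    }
}

library testLib {
    event showAddressEvent(address _from);
    function calledSomeLibFun() public {
        showAddressEvent(this);
    }
}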

Calling the callDifferentContracts function with the address of CalledContract first reveals the address of CalledContract, as expected for a standard call. After that, both the delegatecall and the library call show the address of CallingContract.
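
The example below is added here and is not from the original post. It goes beyond the address check above by also showing storage and msg.sender under both call types, written in Solidity 0.8 syntax. The names Callee, Caller, probe, viaCall, viaDelegatecall and trusted are hypothetical. Because code run through delegatecall writes to the caller's storage, this version pins the target at deployment instead of taking it as a function parameter.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; all contract and function names are hypothetical.
contract Callee {
    uint256 public counter; // storage slot 0
    event Context(address self, address sender, uint256 counter);

    function probe() external {
        counter += 1; // writes slot 0 of whichever storage is active
        emit Context(address(this), msg.sender, counter);
    }
}

contract Caller {
    uint256 public counter;           // slot 0, same layout as Callee on purpose
    address public immutable trusted; // fixed at deployment, stored in code, not in a slot

    constructor(address _trusted) {
        trusted = _trusted;
    }

    // Standard call: Callee runs in its own context.
    // Callee.counter increases, Caller.counter is untouched.
    // Event is logged by Callee: self = Callee, sender = this Caller contract.
    function viaCall() external {
        (bool ok, ) = trusted.call(abi.encodeWithSignature("probe()"));
        require(ok, "call failed");
    }

    // Delegate call: only Callee's code is loaded, Caller's context stays active.
    // Caller.counter increases, Callee.counter is untouched.
    // Event is logged by Caller: self = Caller, sender = whoever called Caller.
    function viaDelegatecall() external {
        (bool ok, ) = trusted.delegatecall(abi.encodeWithSignature("probe()"));
        require(ok, "delegatecall failed");
    }
}
```

After one viaCall and one viaDelegatecall, both counters read 1, each incremented by a different call type.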