This repository was archived by the owner on Jan 9, 2025. It is now read-only.
bug: Kakarot precompiles can be abused by malicious contracts by delegate-calling whitelisted contracts[2] #1562
Closed
Description
Bug Report
Malicious contracts can exploit users to make arbitrary calls to whitelisted contracts on their behalf via delegatecall
code-423n4/2024-09-kakarot-findings#38
Fix to implement
Make sure that DualVmToken, L2KakarotMessaging, as well as any other future contract using Kakarot precompiles, make extensive use of noDelegateCall modifiers.
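The noDelegateCall guard named in the fix, written out as an added example (not code from the Kakarot repository). GuardedToken, backend and the transferFrom signature it calls are hypothetical stand-ins for a whitelisted contract and the privileged callee it reaches.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration of a noDelegateCall modifier; not Kakarot's implementation.
abstract contract NoDelegateCall {
    /// Deployment address of this contract. Immutables live in the runtime
    /// bytecode, not in storage, so code executed through delegatecall still
    /// reads the original deployment address here.
    address private immutable _self;

    error DelegateCallNotAllowed();

    constructor() {
        _self = address(this);
    }

    modifier noDelegateCall() {
        // Under delegatecall, address(this) is the delegating contract,
        // which differs from the address recorded at deployment.
        if (address(this) != _self) revert DelegateCallNotAllowed();
        _;
    }
}

/// Hypothetical whitelisted contract that acts for msg.sender.
contract GuardedToken is NoDelegateCall {
    /// Hypothetical privileged callee (assumption, stands in for a precompile).
    address public immutable backend;

    constructor(address backend_) {
        backend = backend_;
    }

    /// delegatecall preserves msg.sender, so without the guard a contract the
    /// user calls could run this body with the user as msg.sender.
    function transfer(address to, uint256 amount) external noDelegateCall returns (bool) {
        (bool ok, ) = backend.call(
            abi.encodeWithSignature(
                "transferFrom(address,address,uint256)", msg.sender, to, amount
            )
        );
        require(ok, "backend call failed");
        return true;
    }
}
```

Every external entry point that reaches the privileged callee needs the modifier; a single unguarded function leaves the delegatecall path open.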