Secure DelegateCall #1350
Comments
I agree something like this would be very valuable. However, the specification needs a lot of work. If I'm understanding correctly, this would make any attempt to execute
So my motivation was to prevent a master copy from being suicided. We have a master copy which allows the use of delegate calls. While the master copy itself has no way of calling It would be nice if this could be ensured on the EVM level. So even if somebody somehow finds a way to trigger a EDIT: and yes, the specification needs work :D just wanted to have some input first, before deep diving into the EVM-related stuff.
This is best worked around at the user level:
The only interaction the caller and callee can have, then, is passing data back via the revert.
There has been no activity on this issue for two months. It will be closed in a week if no further activity occurs. If you would like to move this EIP forward, please respond to any outstanding feedback or add a comment indicating that you have addressed all required feedback and are ready for a review.
This issue was closed due to inactivity. If you are still pursuing it, feel free to reopen it and respond to any feedback or request a review in a comment.
eip: TBD
title: Secure DelegateCall
author: Richard Meissner (@rmeissner)
category: Core
type: Standards Track
status: Draft
created: 2018-08-24
Specification
Adds a new opcode at 0xf6, which is identical to 0xf4 (DELEGATECALL) but does not allow executing 0xff (SELFDESTRUCT).
Motivation
The use of proxy contracts is increasing, and with it the use of "master copies" with complex code. This raises the security risk when a contract is expected to support delegate calls to any address in order to allow the use of a large selection of library contracts (e.g. a contract that executes multiple transactions at once in the context of a MultiSig). Imposing the requirement that a delegate call cannot selfdestruct a contract makes it more secure and supports audits. With this it can be ensured that a master copy contract can never be suicided and that the logic for all the proxies is always available.
Optional
It would also be really helpful to be able to specify a storage range that the delegate call is allowed to access.
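A worked illustration of the risk described in the motivation and of the revert-based workaround suggested in the comments, added here as an example (it is not code from the EIP, the issue thread, or any proxy project); `UnsafeMasterCopy`, `DestructiveLibrary` and `SimulatingMasterCopy` are constructed names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Master copy that runs any library via DELEGATECALL (the pattern the EIP is
// worried about). A library executing SELFDESTRUCT here destroys the master
// copy itself, so every proxy pointing at it loses its logic.
contract UnsafeMasterCopy {
    function execute(address lib, bytes calldata data) external returns (bytes memory) {
        (bool ok, bytes memory ret) = lib.delegatecall(data);
        require(ok, "delegatecall failed");
        return ret;
    }
}

// Constructed library used only to show the failure mode.
contract DestructiveLibrary {
    function boom(address payable to) external {
        selfdestruct(to); // under delegatecall this destroys the *caller*
    }
}

// User-level workaround: run the delegatecall inside a frame that always
// reverts, so no state change (SELFDESTRUCT included) can persist; the only
// thing the library can hand back is data carried in the revert payload.
contract SimulatingMasterCopy {
    // Always reverts; the revert data is abi.encode(success, returndata).
    function simulateAndRevert(address lib, bytes calldata data) external {
        (bool ok, bytes memory ret) = lib.delegatecall(data);
        bytes memory payload = abi.encode(ok, ret);
        assembly {
            revert(add(payload, 0x20), mload(payload))
        }
    }

    // Public entry point: self-call simulateAndRevert, catch its revert and
    // decode the library's result from it. Storage is untouched afterwards.
    function simulate(address lib, bytes calldata data)
        external
        returns (bool ok, bytes memory ret)
    {
        (bool outerOk, bytes memory outerRet) = address(this).call(
            abi.encodeWithSelector(this.simulateAndRevert.selector, lib, data)
        );
        require(!outerOk, "inner frame must revert");
        (ok, ret) = abi.decode(outerRet, (bool, bytes));
    }
}
```

The workaround trades all persistent state changes for safety, which is why the comment notes that revert data is the only channel left between caller and callee. Note that since EIP-6780 (Cancun) SELFDESTRUCT only removes code and storage when executed in the same transaction that created the contract, which removes most of this risk for already-deployed master copies.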