-
## Bug Report
Malicious contracts can exploit users to make arbitrary calls to whitelisted contracts on their behalf via delegatecall
https://github.com/code-423n4/2024-09-kakarot-findings/issues/38…
-
**Bug Description**
The deployment fails when setting up the value `systemConfigStartBlock` as non 0 ( default `4071248` for sepolia in the existing configs )
**Steps to Reproduce**
Run the fol…
-
The create address derivation for `EOFCREATE` is based on `CREATE2`.
keccack256(sender_address + salt + keccak256(init-container))
where the `sender_address` is the logical address of the co…
-
# Lines of code
https://github.com/code-423n4/2024-07-basin/blob/7d5aacbb144d0ba0bc358dfde6e0cc913d25310e/src/WellUpgradeable.sol#L22-L31
# Vulnerability details
## Impact
The `notDelegatedOrIsMin…
-
## Bug Report
### Kakarot version [bdd639f](https://github.com/kkrt-labs/kakarot/pull/771/commits/bdd639f8a15f46eeab3d7c902ee400ad26d6e30f)
### Current behavior
The below tests will require…
-
Per @anorth's request, this is how we'd make DelegateCall "generic" to avoid any type checking:
1. Export `GetBytecode` as an frc42 method. We'd call it something like `GetEVMBytecode`
2. Blindly …
-
### Component
Cast
### Have you ensured that all of these are up to date?
- [X] Foundry
- [X] Foundryup
### What version of Foundry are you on?
forge 0.2.0 (9148dbc 2024-03-27T00:16:30…
-
I noticed a few more issues while running the proxy detection on the Sourcify database. Let's have a look at two example contracts on Ethereum mainnet:
### 0x56C5Aef1296d004707475c8440f540DdA409b53…
-
The `FallbackManager` contract forwards all calls to the handler contract via the `CALL` opcode. Therefore in the next call frame the `msg.sender` variable equals the Safe address. There's potential r…
-
## Simple Summary
Allow Vyper contracts to safely `DELEGATECALL` into other Vyper contracts by enforcing strict storage slot layouts between contracts.
## Motivation
`DELEGATECALL` allows a contr…