Closed LHerskind closed 1 month ago
[!WARNING] This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite. Learn more
This stack of pull requests is managed by Graphite. Learn more about stacking.
Join @LHerskind and the rest of your teammates on Graphite
Metrics with a significant change:
A fix is fairly easy, simply need to assert that the msg_sender == max_value
in the first call. We want to use max_value
instead of 0, to avoid cases of using Address(0)
.
However, some of the tests gets kinda rekt with it, because many of the private_execution tests are calling functions directly and abusing the msg_sender in there.
@sirasistant or @LeilaWang, might make sense for one of you to look at this? Not fully sure what you guys think is the best way to do it and update all of the tests that it will break.
This should be fixed in #7404 so closing this.
Figured that the
msg_sender
that can be passed in during simulation is actually not constrained and blindly used. So if you bypass the account contract (where it does not really matter in most cases) and instead call private functions directly, you can use them as an entry point, but at the same time convince them that you called from some other contract.This essentially allow you to set
msg_sender
at will, and is extremely dangerous, since you can use to to impersonate whoever you want.In my case, I use it to impersonate a minter and mint some nice tokens for the attacker. In there, I'm minting 10K tokens to him, but he could really do whatever he want.
I don't think we are able to impersonate on public calls right now, but might just be because it is a little impractical to do atm. Nevertheless, this have to be fixed.