Open obatirou opened 1 week ago
Malicious contracts can exploit users to make arbitrary calls to whitelisted contracts on their behalf via delegatecall https://github.com/code-423n4/2024-09-kakarot-findings/issues/38
Make sure that DualVmToken, L2KakarotMessaging, as well as any other future contract using Kakarot precompiles, make extensive use of noDelegateCall modifiers.
@obatirou pls can I be assigned
Jemiiah
commented
1 week ago
Bug Report
Malicious contracts can exploit users to make arbitrary calls to whitelisted contracts on their behalf via delegatecall https://github.com/code-423n4/2024-09-kakarot-findings/issues/38
Fix to implement
Make sure that DualVmToken, L2KakarotMessaging, as well as any other future contract using Kakarot precompiles, make extensive use of noDelegateCall modifiers.