August 2019
Intermediate to advanced
486 pages
13h 52m
English
Content preview from Mastering Blockchain Programming with Solidity
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Avoid using delegatecall to untrusted contract code
By using the delegatecall function present in the contract, you can refer some code from another contract and execute it on the current contract context. Library functions are delegate-called to the current contract execution.
When the target contract address is untrusted, and/or when you are not sure about the code, you should not make delegatecall to these untrusted contracts. These untrusted contracts can perform malicious operations on your contracts as follows:
function _delegate(address _target) internal { // Bad Practice _target.delegatecall(bytes4(keccak256("externalCall()")));}
As you can see from the preceding code, although the _delegate function is internal, it still takes the ...