kkrt-labs/kakarot

bug: Kakarot precompiles can be abused by malicious contracts by delegate-calling whitelisted contracts[2]

Closed · 1 comment

Bug Report

Malicious contracts can exploit users to make arbitrary calls to whitelisted contracts on their behalf via delegatecall
code-423n4/2024-09-kakarot-findings#38

Fix to implement

Make sure that DualVmToken, L2KakarotMessaging, as well as any other future contract using Kakarot precompiles, make extensive use of noDelegateCall modifiers.
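
A sketch of what such a guard can look like (added example, not code from the Kakarot repository or from the report). It assumes the common pattern of recording the contract's own address in an immutable at deployment. `GuardedToken` and `DelegateCallProbe` are hypothetical names, and `transfer` stands in for any function that would forward to a Kakarot precompile.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration; assumed pattern, not Kakarot's implementation.
abstract contract NoDelegateCall {
    /// Deployment address of this logic. Immutables are embedded in the
    /// runtime bytecode, so a delegatecall-ing contract cannot alter the value.
    address private immutable _self;

    error DelegateCallNotAllowed();

    constructor() {
        _self = address(this);
    }

    /// Under delegatecall, address(this) is the calling contract, not _self.
    modifier noDelegateCall() {
        if (address(this) != _self) revert DelegateCallNotAllowed();
        _;
    }
}

/// Hypothetical stand-in for a whitelisted contract such as DualVmToken.
contract GuardedToken is NoDelegateCall {
    mapping(address => uint256) public balanceOf;

    constructor() {
        balanceOf[msg.sender] = 100; // constructed sample balance
    }

    /// In the real contracts this is where the precompile would be invoked.
    function transfer(address to, uint256 amount) external noDelegateCall returns (bool) {
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

/// Regression check: a delegatecall into the guarded function must revert
/// with DelegateCallNotAllowed before any state or precompile is touched.
contract DelegateCallProbe {
    function delegateTransferReverts(address token, address to) external returns (bool) {
        (bool ok, bytes memory ret) =
            token.delegatecall(abi.encodeCall(GuardedToken.transfer, (to, 1)));
        return !ok && bytes4(ret) == NoDelegateCall.DelegateCallNotAllowed.selector;
    }
}
```

A test suite for each contract that uses precompiles can deploy a probe like this and assert that every externally callable function returns `true` from the check, so that a function added later without the modifier is caught.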

@obatirou pls can I be assigned