Question

What big danger happens if a contract uses `delegatecall` to run code from a place a bad person can change?

Accepted Answer

When a contract uses `delegatecall`, it executes code from a different contract at a specified address. The unique and critical aspect of `delegatecall` is that the called code runs entirely within the *caller&#x27;s execution context*. This means the code being executed will operate on the caller&#x27;s storage variables, use the caller&#x27;s Ether balance, and inherit the caller&#x27;s `msg.sender` and `msg.value`. The big danger arises if the address of the contract whose code is run via `delegatecall` can be modified or controlled by a bad person. This control allows an attacker to substitute the legitimate target contract with their own malicious contract.

Home → All Courses → Engineering and Technology Courses → Smart Contract Auditor Certification → Flashcard

What big danger happens if a contract uses `delegatecall` to run code from a place a bad person can change?