Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Linter: Unprotected DelegateCall call #1966

Open
jubnzv opened this issue Nov 1, 2023 · 0 comments
Open

Linter: Unprotected DelegateCall call #1966

jubnzv opened this issue Nov 1, 2023 · 0 comments
Labels
A-linter Issue regarding the ink! linter. B-feature-request A request for a new feature.

Comments

@jubnzv
Copy link
Member

jubnzv commented Nov 1, 2023

The contract call that uses DelegateCall must be protected with access controls that check the address of the caller. That's important because the untrusted code called with DelegateCall can change storage values of the caller.

Examples:

#[ink(message)]
pub fn bad(&mut self, hash: Hash) {
    let selector = ink::selector_bytes!("delegatee_fn");
    let _ = build_call::<DefaultEnvironment>()
        .delegate(hash)
        .exec_input(ExecutionInput::new(Selector::new(selector)))
        .returns::<()>()
        .try_invoke(); // Bad: No access control
}

#[ink(message)]
pub fn good(&mut self, hash: Hash) {
    if self.env().caller() == ALLOWED_USER { // Good: Access control is implemented
        let selector = ink::selector_bytes!("delegatee_fn");
        let _ = build_call::<DefaultEnvironment>()
            .delegate(hash)
            .exec_input(ExecutionInput::new(Selector::new(selector)))
            .returns::<()>()
            .try_invoke();
    }
}

The implementation should check all the invocations of the created call objects in MIR. Each invocation should be preceded by the condition that uses self.env().caller() or the hash of the delegatee contract.

Reference: SWC-112

Related: #1965

@jubnzv jubnzv added B-feature-request A request for a new feature. A-linter Issue regarding the ink! linter. labels Nov 1, 2023
@jubnzv jubnzv changed the title Unprotected DelegateCall call Linter: Unprotected DelegateCall call Nov 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A-linter Issue regarding the ink! linter. B-feature-request A request for a new feature.
Projects
None yet
Development

No branches or pull requests

1 participant