Skip to content

Instantly share code, notes, and snippets.

@arpitsingh1409
Last active September 22, 2022 13:32
Show Gist options
  • Save arpitsingh1409/ffc352276eabe4347b73b1f27804d3ce to your computer and use it in GitHub Desktop.
Save arpitsingh1409/ffc352276eabe4347b73b1f27804d3ce to your computer and use it in GitHub Desktop.
Recommendation #2 - Spearbit Technical Exercise

Recommendation #2 for Spearbit Assignment

Recommendation: Since the msg.sender value do not change when a function is executed with delegatecall, we can create a state variable (named owner) in the Implementation contract at storage slot 0 and initialize it to the zero address. After this, we can add access control to the delegatecallContract function: require(msg.sender == owner); Now if someone calls the delegatecallContract function directly in the Implementation contract, the check would fail as no one has access to the zero account, however when the function is called from the proxy contract as a delegatecall, msg.sender would remain the same, but the owner state variable would be read from the stroage of the Proxy contract since it is a delegate call and hence the require statement will pass as the slot 0 storage of proxy contract has the address of the proxy contract owner stored.

// SPDX-License-Identifier: MIT
pragma solidity 0.8.10;
contract Implementation {

     address constant public owner = address(0); //initialized an address variable at slot 0 with default value of 0 address

    function callContract(address a, bytes calldata _calldata) payable external returns (bytes memory) {
        (bool success , bytes memory ret) =  a.call{value: msg.value}(_calldata);
        require(success);
        return ret;
    }

    function delegatecallContract(address a, bytes calldata _calldata) payable external returns (bytes memory) {
        require(msg.sender == owner); //implement access control
        (bool success, bytes memory ret) =  a.delegatecall(_calldata);
        require(success);
        return ret;
    }
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment