delegatecall risks of clash due to structure storage #100
Replies: 2 comments 2 replies
-
Hello Alex, thank you for taking the time to flag this issue.
yes
The same function
Interesting idea. I can see the benefit, although I need to weigh the trade-offs, e.g., increased gas cost and more complicated API.
Could you please share an example of how this is done in practice? |
Beta Was this translation helpful? Give feedback.
-
This is no longer a problem since the latest PRs: I have completely removed the proxy's storage - the |
Beta Was this translation helpful? Give feedback.
-
Happy Saturday Paul, I was checking your code as I have worked on something similar, and noticed that your contracts are
delegatecall
ing into an arbitrary target.https://github.com/PaulRBerg/prb-proxy/blob/af820a73eb8796f0b45382751c45b11a7c0d3ebc/src/PRBProxy.sol#LL100C31-L100C48
I assume this is to allow the extension of logic via
delegatecall
While the fallback is meant to only work with plugins, which will inherit the same Storage Strcuture, the
delegatecall
inexecute
looks unsafe, and has a very high likelihood of resulting in a storage clash.From my research, it would be best to use a pseudo-random storage slot for all of the storage (just put all the values into a struct), at a pseudo-random location, which is basically what the Diamond Proxy Pattern does.
Hoping this helps
Beta Was this translation helpful? Give feedback.
All reactions