The use of delegatecall within a loop, in the context of a payable function, can lead to the repeated crediting of the msg.value amount, potentially causing unexpected behavior or loss of funds.
contract DelegatecallInLoop is Multicall {
mapping (address => uint256) public balances;
function addBalance(address a) public payable {
balances[a] += msg.value;
}
}
If addBalances() is called with multiple receivers, the same msg.value will be reused for each recipient even though the corresponding ETH for only one recipient is sent.
For example:
Pass the data [“0xb5cef24a00000000000000000000000078731d3ca6b7e34ac0f824c42a7cc18a495cabab”, “0xb5cef24a0000000000000000000000005b38da6a701c568545dcfcb03fcb875f56beddc4”, “0xb5cef24a000000000000000000000000ab8483f64d9c6d1ecf9b849ae677dd3315835cb2”] and the msg.value will be reflected in the balances of three accounts.
Remix
Carefully check that the function called by delegatecall is not payable/doesn’t use msg.value.
call/delegatecall
The text was updated successfully, but these errors were encountered:
All reactions