Definition

Delegatecall Vulnerabilities

Meaning ⎊ Risks stemming from the delegatecall opcode allowing external code to modify the caller's storage and state.
Greeks.liveApril 12, 2026

Delegatecall Vulnerabilities

Delegatecall vulnerabilities arise from the misuse of the delegatecall opcode in Ethereum-based smart contracts, which allows a contract to execute code from another contract while maintaining its own storage and context. When a contract calls another via delegatecall, the called contract can modify the state variables of the calling contract, which can be catastrophic if the target contract is untrusted or improperly implemented.

This is a common attack vector in proxy patterns where the implementation contract might be malicious or have a function signature that overlaps with the proxy's storage-sensitive functions. If an attacker can influence the address passed to delegatecall, they can effectively take full control of the proxy contract, including the ability to change the implementation address or withdraw funds.

Proper mitigation requires strict validation of the target address, careful management of storage layouts, and ensuring that implementation contracts cannot be initialized directly. These vulnerabilities represent a fundamental risk in modular contract architectures where state and logic are decoupled.

Protocol Smart Contract Risk
Vulnerability Severity Metrics
Post-Exploit Remediation
Smart Contract Vulnerability Patching
Code Remediation Process
Asset Wrapping Vulnerabilities
Responsible Disclosure Frameworks
Validator Set Vulnerabilities

Glossary

Storage Layout

Architecture ⎊ Storage layout, within cryptocurrency and derivatives, fundamentally concerns the organization of data pertaining to account states, order books, and transaction histories.