Skip to content

theredguild/7702-goat

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.devcontainer
.devcontainer
 
 
lib
lib
 
 
src
src
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
README.md
README.md
 
 
foundry.toml
foundry.toml
 
 
remappings.txt
remappings.txt
 
 

Repository files navigation

EIP7702 Goat

Intentionally vulnerable code with potential pitfalls in custom contracts for EIP7702 delegate accounts.

Quick overview

  • DelegateContractV0
    • Missing receive function
    • Lack of access controls in execute => anyone can execute calls
    • Allows reentrant calls
  • DelegateContractV1
    • Uses constructor instead of initialization function => cannot set guardians
  • DelegateContractV2
    • Initialization can be frontrun
    • Can be reinitialized
  • DelegateContractV3
    • Initialization signature may be reused in another chain.
  • DelegateContractV4
    • Storage collision between paused and init if deployed as an upgrade of V3. Account may start paused and initialized.
  • DelegateContractV5
    • Lack of nonce management allows signature replays => oneTimeSend can be used to drain the account.
  • DelegateContractV6
    • Anything bad here?

Resources

Disclaimer

All code in this repository is intentionally vulnerable and for educational purposes only. DO NOT USE IN PRODUCTION.

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Languages