README.md

EIP7702 Goat

Intentionally vulnerable code with potential pitfalls in custom contracts for EIP7702 delegate accounts.

Quick overview

• DelegateContractV0
  • Missing receive function
  • Lack of access controls in execute => anyone can execute calls
  • Allows reentrant calls
• DelegateContractV1
  • Uses constructor instead of initialization function => cannot set guardians
• DelegateContractV2
  • Initialization can be frontrun
  • Can be reinitialized
• DelegateContractV3
  • Initialization signature may be reused in another chain.
• DelegateContractV4
  • Storage collision between paused and init if deployed as an upgrade of V3. Account may start paused and initialized.
• DelegateContractV5
  • Lack of nonce management allows signature replays => oneTimeSend can be used to drain the account.
• DelegateContractV6
  • Anything bad here?

Resources

• github.com/ithacaxyz/odyssey-examples
• EIP-7702: a technical deep dive by lightclient
• ithaca.xyz/writings/exp-0001
• ithaca.xyz/writings/exp-0002
• github.com/ithacaxyz/account
• EIP-7702 with Scaffold-ETH 2
• Basic EOA Batch Executor by @optimizoor

Disclaimer

All code in this repository is intentionally vulnerable and for educational purposes only. DO NOT USE IN PRODUCTION.