Unsafe Delegatecall
What it detects
Delegatecall is dangerous when the target contract is user-controlled or upgradable. This detector highlights delegatecalls that may execute untrusted code or assume a specific storage layout without checks.
Typical symptoms
- Delegatecall target is not immutable or validated
- Storage collisions possible between caller and callee
Solidity snippet (v0.8.25)
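pragma solidity ^0.8.25;

contract Proxy {
    // Stored in slot 0, which delegatecalled code can also write to
    address public impl;

    // No access control and no validation: any caller can repoint impl
    function upgrade(address newImpl) external {
        impl = newImpl;
    }

    function execute(bytes calldata data) external {
        // Calls whatever impl currently points to, in this contract's storage context
        (bool ok, ) = impl.delegatecall(data);
        require(ok, "fail");
    }
}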
Why it matters on EVM
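Delegatecall runs the target's code against the calling contract's storage, balance and msg.sender. An unsafe delegatecall can therefore overwrite critical storage slots or transfer control to a malicious contract, compromising the system.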
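A hardened counterpart to the Proxy snippet, as an added example that is not the detector's or any project's own code. The contract name HardenedProxy, the admin role and the Upgraded event are assumptions chosen for illustration; the implementation address is kept in the EIP-1967 slot rather than slot 0.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.25;

// Added example with hypothetical names; not code from the original page.
contract HardenedProxy {
    // Immutables live in the deployed bytecode, not in storage, so
    // delegatecalled code cannot overwrite the admin via a slot collision.
    address public immutable admin;

    // EIP-1967 implementation slot: keccak256("eip1967.proxy.implementation") - 1.
    // A pseudo-random slot does not clash with the callee's slots 0, 1, 2...
    bytes32 private constant IMPL_SLOT =
        bytes32(uint256(keccak256("eip1967.proxy.implementation")) - 1);

    event Upgraded(address indexed newImpl);

    constructor(address initialImpl) {
        admin = msg.sender;
        _setImpl(initialImpl);
    }

    function impl() public view returns (address a) {
        bytes32 slot = IMPL_SLOT;
        assembly { a := sload(slot) }
    }

    // Only the admin may change the delegatecall target.
    function upgrade(address newImpl) external {
        require(msg.sender == admin, "not admin");
        _setImpl(newImpl);
    }

    function _setImpl(address newImpl) private {
        // A delegatecall to an address without code succeeds and runs nothing,
        // so reject targets that have no deployed code.
        require(newImpl.code.length > 0, "impl has no code");
        bytes32 slot = IMPL_SLOT;
        assembly { sstore(slot, newImpl) }
        emit Upgraded(newImpl);
    }

    function execute(bytes calldata data) external {
        // Target is admin-controlled and validated, but it still runs in this
        // contract's storage context and must itself be trusted code.
        (bool ok, ) = impl().delegatecall(data);
        require(ok, "fail");
    }
}
```

The access check and the code-length check address the "not immutable or validated" symptom; the dedicated slot and the immutable admin address the storage-collision symptom.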