Jul 20, 2017 · 1 min read
The attack could have been prevented setting the `internal` function as `internal` or performing checks that it was already initialized.
Having a `delegatecall` only made it harder to see it by casual readers, but if that code would have been in the main contract instead of the library, it would have been vulnerable too.
IMO, there is a ton of value in being able to do catch-all forwards with delegatecalls and we really shouldn’t be blaming the technique for this hack nor considering delegatecall forwarders an anti-pattern.
