Jorge Izquierdo
Jul 20, 2017 · 1 min read

The attack could have been prevented setting the `internal` function as `internal` or performing checks that it was already initialized.

Having a `delegatecall` only made it harder to see it by casual readers, but if that code would have been in the main contract instead of the library, it would have been vulnerable too.

IMO, there is a ton of value in being able to do catch-all forwards with delegatecalls and we really shouldn’t be blaming the technique for this hack nor considering delegatecall forwarders an anti-pattern.

)

Jorge Izquierdo

Written by

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade