Thomas Jay Rush
Jul 20, 2017 · 1 min read

I would like to see ‘call’ and ‘delegatecall’ disallowed in Solidity unless there is a #pragma at the start of the code saying something like #pragma unsafe. The two biggest exploits (by far), this one and the DAO, have been related to either ‘call’ or ‘delegatecall.’ If these were “off by default,” auditing would be easier. I think you’ve slightly misrepresented what happened too. Didn’t the fallback function contain a delegate call which allowed arbitrary code to be executed? It’s my understanding that the attacker entered through the fallback function’s delegatecall. Might be wrong on that.


Written by Thomas Jay Rush

Blockchain Enthusiast, Founder TrueBlocks, LLC and Philadelphia Ethereum Meetup, MS Computer Science UPenn