Improper Input Validation
| Property | Value |
|---|---|
| Language | solidity |
| Severity | |
| CWE | CWE-20: Improper Input Validation |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | High |
Description
The contract uses delegatecall with an address provided by external input, allowing untrusted users to execute code in the context of your contract. This means attackers can control what code runs and access your contract’s storage.
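The flagged pattern next to one way to harden it, as an added example that is not part of the original rule page: the contract names, function names, and the owner-managed allowlist are hypothetical choices made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; all contract and function names are hypothetical.

contract VulnerableProxy {
    address public owner; // storage slot 0

    constructor() { owner = msg.sender; }

    // Flagged pattern: any caller chooses the delegatecall target, so the
    // target's code runs against this contract's storage and balance.
    function execute(address target, bytes calldata data) external returns (bytes memory) {
        (bool ok, bytes memory ret) = target.delegatecall(data);
        require(ok, "delegatecall failed");
        return ret;
    }
}

contract HardenedProxy {
    address public owner;
    mapping(address => bool) public approvedTarget;

    error NotOwner();
    error TargetNotApproved(address target);

    constructor() { owner = msg.sender; }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    // Only the owner can add or remove a delegatecall target.
    function setTarget(address target, bool approved) external onlyOwner {
        require(target.code.length > 0, "target has no code");
        approvedTarget[target] = approved;
    }

    // The target is checked against the allowlist before the delegatecall.
    function execute(address target, bytes calldata data) external onlyOwner returns (bytes memory) {
        if (!approvedTarget[target]) revert TargetNotApproved(target);
        (bool ok, bytes memory ret) = target.delegatecall(data);
        require(ok, "delegatecall failed");
        return ret;
    }
}
```

An allowlisted target still executes with full access to this contract's storage, so each approved implementation needs its own review and a storage layout compatible with the calling contract.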
Impact
If exploited, an attacker could execute arbitrary code with your contract’s privileges, potentially stealing funds, corrupting data, or taking full control of the contract. This could lead to significant financial loss and compromise the security of your entire dApp or platform.