The blockchain ecosystem, constantly evolving and advancing, has recently encountered a significant security hurdle – the ERC-2771 Delegatecall Vulnerability. This issue, discovered within the integration of ERC-2771 and Multicall standards, poses a substantial risk to contracts that implement these standards concurrently. This article delves into the technicalities of this vulnerability, exploring its mechanics, risks, and mitigation strategies.
Understanding the ERC-2771 Standard
ERC-2771 is a protocol designed for authenticating users in transactions relayed through a third party. It plays a pivotal role in reducing transaction costs and streamlining operations on the blockchain. However, this convenience comes with a hidden risk.
The standard operates through a sequence of steps:
User Request Signing: Users sign their transaction requests, embedding a signature within the transaction payload.
Relay Contract Verification: A relay contract, known as the Trusted Forwarder, authenticates the signature and appends the user’s address to the transaction data (calldata).
Target Contract Decoding: The final recipient contract decodes the user’s address from this data. A typical decoding process in ERC-2771 look like this:
The Multicall Method and Its Complications
A typical implementation of a multicall function further exposes the system to this vulnerability. In such implementations, delegateCall() is executed within a loop, targeting the contract itself. However, this leads to _msgSender() yielding the last 20 bytes of data[i], which could be manipulated by an attacker to spoof the identity of the original transaction signer A typical Multicall function vulnerable to this exploit would look as follows:
The Attack Visualized
Â
Proactive Measures and Solutions
In response to this discovery, teams like OpenZeppelin have spearheaded efforts to identify and mitigate these risks. OpenZeppelin, for instance, released an update in its Contracts library to safely integrate Multicall with ERC2771Context. This update introduces a context suffix length for ERC2771Context data, ensuring proper identification and adaptation of calls from a trusted forwarder.
Â
Conclusion
The discovery of the ERC-2771 and Multicall vulnerability underscores the ever-present need for vigilance and continuous improvement in blockchain security. As the technology evolves, so do the challenges and complexities associated with maintaining a secure and trustworthy environment. Through collective effort and shared knowledge, the blockchain community continues to strengthen its defenses against such vulnerabilities, paving the way for a more secure and efficient future in decentralized technology.