Hidden Risks Lurking in Ethereum's Smart Contract Proxies

Hey r/Ethereum! As smart contract proxies are becoming more prevalent in the world of blockchain, it's important for end users to stay informed and understand the potential risks associated with them. I wanted to share some essential points that can help you stay safe while navigating this exciting ecosystem.

  1. Function Clashing: Be cautious of function clashing, a potential vulnerability in smart contract proxies. This issue can lead to unintended behavior or exploitation by malicious actors. To spot function clashing, look for function names that appear to be safe but contain seemingly random numbers or letters, like function superSafeFunction96508587. Staying informed about function clashing can help you make more informed decisions when using DApps and other blockchain services.

  2. Uninitialized Proxies: Keep an eye out for uninitialized proxy contracts, which can also pose security risks. To ensure a proxy has been initialized correctly, you can usually check the events of the contract creation transaction, as seen in this example: https://imgur.com/a/sE5sQGC. Alternatively, you can look through the proxy factory code (if available) and confirm that the initialization occurs in the same function as the deployment, as shown in this example: https://imgur.com/a/BjVapeU. Make sure to research and understand the contracts you interact with to minimize your exposure to potential vulnerabilities.

  3. Selfdestruct Functionality: If a contract contains the selfdestruct keyword, it's essential to ensure the developers have taken necessary precautions to prevent potential risks. You can check the contract code for the presence of the selfdestruct keyword to identify this potential issue. Additionally, contracts deployed using the CREATE2 opcode could indicate suspicious activities. You can spot the contract creation using CREATE2 by examining the contract creation transaction on Etherscan. Use this image as guidance: https://imgur.com/a/L2YL14M.

Arming yourself with knowledge about these issues and more is crucial in the ever-evolving blockchain ecosystem. If you're interested in diving deeper into Ethereum smart contract proxies and their implications for both developers and security researchers, I invite you to check out my recently published in-depth article here: https://medium.com/@scourgedev/deep-dive-into-smart-contract-proxies-variants-create-vs-create2-and-security-considerations-7f3454d176a0

Thanks for reading! You can find me on Twitter here: https://twitter.com/0xScourgeDev

TLDR: Watch out for functions with names like superSafeFunction96508587, proxies that are not initialized properly, and implementation contracts that contain selfdestruct.

submitted by /u/ljz3
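
An added example, not part of the original post: point 3 suggests checking the contract source for the selfdestruct keyword, and this sketch goes one step further by scanning runtime bytecode (useful when the source is not verified) for the SELFDESTRUCT, DELEGATECALL and CREATE2 opcodes. The opcode values are the standard EVM ones; the function names and sample bytecode are constructed for illustration, and a hit is a lead for review, not proof, because embedded data and compiler metadata can contain the same byte values.

```python
# Added example: linear-sweep scan of EVM runtime bytecode for opcodes that
# matter when reviewing a proxy or its implementation contract.
FLAGGED = {0xF4: "DELEGATECALL", 0xF5: "CREATE2", 0xFF: "SELFDESTRUCT"}
PUSH1, PUSH32 = 0x60, 0x7F  # PUSH1..PUSH32 are followed by 1..32 data bytes


def _to_bytes(code_hex):
    """Accept bytecode as a hex string with or without a 0x prefix."""
    return bytes.fromhex(code_hex[2:] if code_hex.startswith("0x") else code_hex)


def scan_bytecode(code_hex):
    """Return [(offset, opcode name)] for flagged opcodes, skipping PUSH data."""
    code = _to_bytes(code_hex)
    hits, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if op in FLAGGED:
            hits.append((pc, FLAGGED[op]))
        # Inline PUSH data is not code: step over it so that a pushed constant
        # such as 0xff is not reported as SELFDESTRUCT.
        pc += 1 + (op - PUSH1 + 1 if PUSH1 <= op <= PUSH32 else 0)
    return hits


def naive_scan(code_hex):
    """Plain byte search, shown for contrast: it misreads PUSH data as opcodes."""
    return [(i, FLAGGED[b]) for i, b in enumerate(_to_bytes(code_hex)) if b in FLAGGED]


# Constructed samples (not taken from any deployed contract):
STORE_CONSTANT = "0x60ff600055"             # PUSH1 0xff, PUSH1 0x00, SSTORE
KILL_SWITCH = "0x33ff"                      # CALLER, SELFDESTRUCT
FORWARDER = "0x73" + "ff" * 20 + "5af4"     # PUSH20 <address>, GAS, DELEGATECALL

if __name__ == "__main__":
    for name, sample in [("STORE_CONSTANT", STORE_CONSTANT),
                         ("KILL_SWITCH", KILL_SWITCH),
                         ("FORWARDER", FORWARDER)]:
        print(name, "scan:", scan_bytecode(sample), "naive:", naive_scan(sample))
```

For a proxy, run the scan on the implementation contract's bytecode as well, since that is the code the proxy executes through DELEGATECALL.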