bartubozkurt · February 1, 2023 16:33
diff --git a/UnprotectedCallToSelfdestruct.sol b/UnprotectedCallToSelfdestruct.sol
 /* Bad */
 contract Bad {
 	function badDelegate(address _yourContract, bytes calldata _data) payable public returns (bytes memory) {
 	    (bool success, bytes memory data) =  _yourContract.delegatecall(_data);
 	    require(success);
 	    return data;
 	}
 }
 /* Vulnerability
 Anyone can destroy the Bad contract using by “selfdestruct” 
 because in the context of delegatecall, 
 msg.sender will be BadContract even the caller is anyone.
 */

 /* Better */
 contract Good {
 	mapping(address => bool) whitelist; //add
 	function goodDelegate(address _yourContract, bytes calldata _data) payable public returns (bytes memory) {
 	    require(whitelist[msg.sender]); //add
 	    (bool success, bytes memory data) =  _yourContract.delegatecall(_data);
 	    require(success);
 	    return data;
 	}
 }
	/* Bad */
	contract Bad {
	function badDelegate(address _yourContract, bytes calldata _data) payable public returns (bytes memory) {
	(bool success, bytes memory data) = _yourContract.delegatecall(_data);
	require(success);
	return data;
	}
	}
	/* Vulnerability
	Anyone can destroy the Bad contract using by “selfdestruct”
	because in the context of delegatecall,
	msg.sender will be BadContract even the caller is anyone.
	*/

	/* Better */
	contract Good {
	mapping(address => bool) whitelist; //add
	function goodDelegate(address _yourContract, bytes calldata _data) payable public returns (bytes memory) {
	require(whitelist[msg.sender]); //add
	(bool success, bytes memory data) = _yourContract.delegatecall(_data);
	require(success);
	return data;
	}
	}