Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

apegurus/delegatecall-untrusted-callee

Name: delegatecall-untrusted-callee
Author: apegurus

skills/vulnerability-patterns/delegatecall-untrusted-callee/SKILL.md

Contract uses delegatecall with potentially untrusted callee

development

Updated May 13, 2026

$ install --global

skillsauth

npx skillsauth add apegurus/solidity-argus delegatecall-untrusted-callee

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 13, 2026, 3:25 AM155.2s1 file scanned

SKILL.md

name:: delegatecall-untrusted-callee
description:: Delegatecall usage where callee trust boundary must be verified
pattern_category:: delegatecall
- regex:: delegatecall
severity:: High
confidence:: High
swc:: SWC-112

Delegatecall to Untrusted Callee

Preconditions

Contract uses delegatecall
The target address of the delegatecall is derived from user input, function parameters, or a mutable state variable settable by non-admin users
OR: a proxy pattern where the implementation address can be changed by unauthorized parties

Vulnerable Pattern

// User-controlled delegatecall target
function forward(address callee, bytes calldata data) external {
    // Attacker supplies callee = malicious contract
    // Malicious contract overwrites storage (e.g., slot 0 = owner)
    (bool success,) = callee.delegatecall(data);
    require(success);
}

// Proxy with unprotected implementation setter
function setImplementation(address _impl) external {
    // Missing: require(msg.sender == admin)
    implementation = _impl;
}

Detection Heuristics

Search for all delegatecall invocations in the codebase
For each, trace the target address: is it hardcoded, immutable, admin-only settable, or user-influenced?
If the target comes from a function parameter, calldata, or storage variable — check that only authorized roles can set it
For proxy contracts, verify that upgradeTo / setImplementation functions have proper access control
Check storage layout compatibility between the proxy and all possible implementation contracts
Flag any generic forwarding function that passes user-supplied addresses to delegatecall

False Positives

delegatecall target is hardcoded or immutable (e.g., address immutable IMPL)
Target is set only in the constructor and cannot be changed
Target is restricted to a whitelist of audited contracts
Standard proxy patterns (EIP-1967, UUPS, TransparentProxy) with proper access control on upgrades

Remediation

Restrict delegatecall targets to trusted, immutable, or admin-only-settable addresses
Use established proxy patterns (OpenZeppelin TransparentProxy, UUPS) with proper access control
Never expose delegatecall with a user-supplied target address
Verify storage layout compatibility between proxy and implementation contracts using tools like OpenZeppelin's storage layout checker

// Safe: immutable implementation
address immutable implementation;
constructor(address _impl) {
    implementation = _impl;
}
fallback() external payable {
    (bool s,) = implementation.delegatecall(msg.data);
    require(s);
}

Related Skills

apegurus/vector-scan

testing

VerifiedTrustedCommunity

Specialist profile for mechanically applying the attack-vector deck and classifying vectors as skip, drop, or investigate.

SKILL.mdUpdated May 30, 2026

apegurus/periphery

tools

VerifiedTrustedCommunity

Specialist profile for libraries, helpers, base contracts, adapters, encoders, wrappers, and integration glue.

SKILL.mdUpdated May 30, 2026

apegurus/math-precision

testing

VerifiedTrustedCommunity

Specialist profile for rounding, scale, decimal, downcast, and arithmetic accounting edge cases.

SKILL.mdUpdated May 30, 2026

apegurus/math-precision

apegurus/invariant

testing

VerifiedTrustedCommunity

Specialist profile for extracting conservation laws and state couplings, then searching for violating paths.

SKILL.mdUpdated May 30, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/apegurus/solidity-argus.git

# Copy into Claude Code skills folder (global)
cp -r solidity-argus/skills/vulnerability-patterns/delegatecall-untrusted-callee ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

apegurus/solidity-argus

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT

apegurus/delegatecall-untrusted-callee

skills/vulnerability-patterns/delegatecall-untrusted-callee/SKILL.md

Contract uses delegatecall with potentially untrusted callee

development

Updated May 13, 2026

$ install --global

skillsauth

npx skillsauth add apegurus/solidity-argus delegatecall-untrusted-callee

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 13, 2026, 3:25 AM155.2s1 file scanned

SKILL.md

name:: delegatecall-untrusted-callee
description:: Delegatecall usage where callee trust boundary must be verified
pattern_category:: delegatecall
- regex:: delegatecall
severity:: High
confidence:: High
swc:: SWC-112

Delegatecall to Untrusted Callee

Preconditions

Contract uses delegatecall
The target address of the delegatecall is derived from user input, function parameters, or a mutable state variable settable by non-admin users
OR: a proxy pattern where the implementation address can be changed by unauthorized parties

Vulnerable Pattern

// User-controlled delegatecall target
function forward(address callee, bytes calldata data) external {
    // Attacker supplies callee = malicious contract
    // Malicious contract overwrites storage (e.g., slot 0 = owner)
    (bool success,) = callee.delegatecall(data);
    require(success);
}

// Proxy with unprotected implementation setter
function setImplementation(address _impl) external {
    // Missing: require(msg.sender == admin)
    implementation = _impl;
}

Detection Heuristics

Search for all delegatecall invocations in the codebase
For each, trace the target address: is it hardcoded, immutable, admin-only settable, or user-influenced?
If the target comes from a function parameter, calldata, or storage variable — check that only authorized roles can set it
For proxy contracts, verify that upgradeTo / setImplementation functions have proper access control
Check storage layout compatibility between the proxy and all possible implementation contracts
Flag any generic forwarding function that passes user-supplied addresses to delegatecall

False Positives

delegatecall target is hardcoded or immutable (e.g., address immutable IMPL)
Target is set only in the constructor and cannot be changed
Target is restricted to a whitelist of audited contracts
Standard proxy patterns (EIP-1967, UUPS, TransparentProxy) with proper access control on upgrades

Remediation

Restrict delegatecall targets to trusted, immutable, or admin-only-settable addresses
Use established proxy patterns (OpenZeppelin TransparentProxy, UUPS) with proper access control
Never expose delegatecall with a user-supplied target address
Verify storage layout compatibility between proxy and implementation contracts using tools like OpenZeppelin's storage layout checker

// Safe: immutable implementation
address immutable implementation;
constructor(address _impl) {
    implementation = _impl;
}
fallback() external payable {
    (bool s,) = implementation.delegatecall(msg.data);
    require(s);
}

Related Skills

apegurus/vector-scan

testing

VerifiedTrustedCommunity

Specialist profile for mechanically applying the attack-vector deck and classifying vectors as skip, drop, or investigate.

SKILL.mdUpdated May 30, 2026

apegurus/periphery

tools

VerifiedTrustedCommunity

Specialist profile for libraries, helpers, base contracts, adapters, encoders, wrappers, and integration glue.

SKILL.mdUpdated May 30, 2026

apegurus/math-precision

testing

VerifiedTrustedCommunity

Specialist profile for rounding, scale, decimal, downcast, and arithmetic accounting edge cases.

SKILL.mdUpdated May 30, 2026

apegurus/math-precision

apegurus/invariant

testing

VerifiedTrustedCommunity

Specialist profile for extracting conservation laws and state couplings, then searching for violating paths.

SKILL.mdUpdated May 30, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/apegurus/solidity-argus.git

# Copy into Claude Code skills folder (global)
cp -r solidity-argus/skills/vulnerability-patterns/delegatecall-untrusted-callee ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

apegurus/solidity-argus

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT