From 0958f1b01329396da00af75c7e3960047f06d78a Mon Sep 17 00:00:00 2001 From: Oba Date: Thu, 14 Nov 2024 17:32:07 +0100 Subject: [PATCH] Update solidity_contracts/src/CairoPrecompiles/DualVmToken.sol Co-authored-by: Mathieu <60658558+enitrat@users.noreply.github.com> --- solidity_contracts/src/CairoPrecompiles/DualVmToken.sol | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/solidity_contracts/src/CairoPrecompiles/DualVmToken.sol b/solidity_contracts/src/CairoPrecompiles/DualVmToken.sol index 16ffab19a..779eb2e10 100644 --- a/solidity_contracts/src/CairoPrecompiles/DualVmToken.sol +++ b/solidity_contracts/src/CairoPrecompiles/DualVmToken.sol @@ -9,10 +9,11 @@ import {NoDelegateCall} from "../Security/NoDelegateCall.sol"; /// @dev This implementation is highly experimental /// It relies on CairoLib to perform Cairo precompile calls /// Events are emitted in this contract but also in the Starknet token contract -/// @dev External functions are to prevent a user making an EVM call to a malicious contract, +/// @dev External functions are `NoDelegateCall` to prevent a user making an EVM call to a malicious contract, /// with any calldata, that would be able to directly control on their behalf any quantity of any one of the ERC20 /// tokens held by the victim's account contract, with the sole condition that the ERC20 has an /// authorized DualVmToken wrapper. +/// This is blocked at the protocol level, but made explicit at the contract level /// @author Kakarot /// @author Modified from Solmate (https://github.com/transmissions11/solmate/blob/main/src/tokens/ERC20.sol) contract DualVmToken is NoDelegateCall {