In theory, a malicious TokenTransferDelegatee could implement the transfer function to execute code in the caller contract, included a self-destruct. Does it make sense?
Yes, but I am aiming to the next Ethereum Cancun hard-fork, where selfdestruct will not delete smart contracts anymore. Delegatecall opens unlimit possibilities comparing to any other measures.
1 Like