delegatecall executes code from another contract using the callers storage context

# delegatecall executes code from another contract using the callers storage context The `DELEGATECALL` opcode executes code from a target address while preserving the calling contract's storage, `msg.sender`, and `msg.value`. This is the foundation of all proxy patterns — the proxy holds state while the implementation provides logic. Every state write during delegatecall lands in the proxy's storage slots, creating the fundamental requirement that [[storage layout must remain consistent across proxy implementation versions]]. This mechanism enables upgradeability but creates the attack surface for [[unrestricted delegatecall allowing user-specified target addresses enables fund drainage and state manipulation|unrestricted delegatecall attacks]], [[storage layout must remain consistent across proxy implementation versions|storage collisions]], and [[selfdestruct in implementation contracts can permanently brick proxy systems|implementation destruction]]. In CPIMP attacks, since [[double-delegation chains in CPIMP attacks forward all calls to the legitimate implementation preserving normal protocol functionality while granting hidden attacker control]], two delegatecall hops are chained — the proxy delegatecalls the shadow implementation, which delegatecalls the legitimate implementation — creating a hidden intermediary invisible in normal operation. --- Relevant Notes: - [[storage layout must remain consistent across proxy implementation versions]] — the storage consistency requirement this creates - [[unrestricted delegatecall allowing user-specified target addresses enables fund drainage and state manipulation]] — the primary attack when targets are unvalidated - [[selfdestruct in implementation contracts can permanently brick proxy systems]] — the destruction risk for proxy targets - [[double-delegation chains in CPIMP attacks forward all calls to the legitimate implementation preserving normal protocol functionality while granting hidden attacker control]] — the attack architecture that chains two delegatecalls to create a hidden intermediary that preserves normal functionality as cover Topics: - [[evm-internals]] - [[solidity-behaviors]]