refactor: WithUNSAFECallerAddressProxying() instead of ForceDelegate

ARR4N · ARR4N · commit d487b268bbb2 · 2024-09-27T19:07:27.000+01:00
This matches the pattern used by `ava-labs/coreth` `NativeAssetCall`.
diff --git a/core/vm/contracts.libevm.go b/core/vm/contracts.libevm.go
@@ -220,23 +220,24 @@ func (args *evmCallArgs) Call(addr common.Address, input []byte, gas uint64, val
 	// methods to pass to [EVMInterpreter.Run], which are then propagated by the
 	// *CALL* opcodes as the caller.
 	precompile := NewContract(args.caller, AccountRef(args.self()), args.value, args.gas)
+	if args.delegation == delegated {
+		precompile = precompile.AsDelegate()
+	}
+	var caller ContractRef = precompile
 
-	asDelegate := args.delegation == delegated // precompile was DELEGATECALLed
 	for _, o := range opts {
 		switch o := o.(type) {
-		case callOptForceDelegate:
-			// See documentation of [WithUNSAFEForceDelegate].
-			asDelegate = true
+		case callOptUNSAFECallerAddressProxy:
+			// Note that, in addition to being unsafe, this breaks an EVM
+			// assumption that the caller ContractRef is always a *Contract.
+			caller = AccountRef(args.caller.Address())
 		case nil:
 		default:
 			return nil, gas, fmt.Errorf("unsupported option %T", o)
 		}
 	}
-	if asDelegate {
-		precompile = precompile.AsDelegate()
-	}
 
-	return args.evm.Call(precompile, addr, input, gas, value)
+	return args.evm.Call(caller, addr, input, gas, value)
 }
 
 var (
diff --git a/core/vm/options.libevm.go b/core/vm/options.libevm.go
@@ -21,16 +21,18 @@ type CallOption interface {
 	libevmCallOption() // noop to only allow internally defined options
 }
 
-// WithUNSAFEForceDelegate results in precompiles making contract calls acting
-// as if they themselves were DELEGATECALLed. This is not safe for regular use
-// as the precompile will act as its own caller even when not expected to.
+// WithUNSAFECallerAddressProxying results in precompiles making contract calls
+// specifying their own caller's address as the caller. This is NOT SAFE for
+// regular use as callers of the precompile may not understand that they are
+// escalating the precompile's privileges.
 //
 // Deprecated: this option MUST NOT be used other than to allow migration to
 // libevm when backwards compatibility is required.
-func WithUNSAFEForceDelegate() CallOption {
-	return callOptForceDelegate{}
+func WithUNSAFECallerAddressProxying() CallOption {
+	return callOptUNSAFECallerAddressProxy{}
 }
 
-type callOptForceDelegate struct{}
+// Deprecated: see [WithUNSAFECallerAddressProxying].
+type callOptUNSAFECallerAddressProxy struct{}
 
-func (callOptForceDelegate) libevmCallOption() {}
+func (callOptUNSAFECallerAddressProxy) libevmCallOption() {}
