vulnerabilities/authorization-txorigin.md
Lines changed: 18 additions & 7 deletions
@@ -3,7 +3,10 @@
3
3
`tx.origin` is a global variable in Solidity which returns the address that sent a transaction. It's important that you never use `tx.origin` for authorization since another contract can use a fallback function to call your contract and gain authorization since the authorized address is stored in `tx.origin`. Consider this example:
4
4
5
5
```solidity
6
-
pragma solidity >=0.5.0 <0.7.0;
6
+
7
+
// SPDX-License-Identifier: MIT
8
+
9
+
pragma solidity ^0.8.0;
7
10
8
11
// THIS CONTRACT CONTAINS A BUG - DO NOT USE
9
12
contract TxUserWallet {
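Review bot: The pragma at new line 9 moves to `^0.8.0`, but this hunk only touches the header of the `TxUserWallet` example; the contract body between here and the next hunk (old line 23) is left unchanged even though it was written for `>=0.5.0 <0.7.0`. Please confirm the untouched body still compiles under 0.8 and update it in this commit if it does not, so the vulnerable example and the attack contract are on the same compiler version. Minor style point: new line 6 adds an empty line directly after the opening `solidity` fence, before the SPDX comment; it can be dropped.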
@@ -23,26 +26,34 @@ contract TxUserWallet {
23
26
Here we can see that the `TxUserWallet` contract authorizes the `transferTo()` function with `tx.origin`.
24
27
25
28
```solidity
26
-
pragma solidity >=0.5.0 <0.7.0;
29
+
30
+
// SPDX-License-Identifier: MIT
31
+
32
+
pragma solidity ^0.8.0;
27
33
28
34
interface TxUserWallet {
29
35
function transferTo(address payable dest, uint amount) external;
30
36
}
31
37
32
38
contract TxAttackWallet {
33
-
address payable owner;
39
+
address payable private immutable owner;
34
40
35
-
constructor() public {
36
-
owner = msg.sender;
41
+
// Constructor sets the contract deployer as the owner
42
+
constructor() {
43
+
owner = payable(msg.sender);
37
44
}
38
45
39
-
function() external {
46
+
// fallback function to receive Ether and trigger transfer
47
+
48
+
fallback() external payable {
49
+
// Call transferTo on TxUserWallet (msg.sender) to send its balance to owner
Now if someone were to trick you into sending ether to the `TxAttackWallet` contract address, they can steal your funds by checking `tx.origin`to find the address that sent the transaction.
56
+
Now if someone were to trick your 'TxUserWallet' contract into sending ether to the `TxAttackWallet` contract, they can steal all funds from 'TxUserWallet' by passing the `tx.origin`check.
46
57
47
58
To prevent this kind of attack, use `msg.sender` for authorization.
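Review bot: The rewritten sentence at new line 56 puts `TxUserWallet` in single quotes while `TxAttackWallet` keeps backticks, and "`tx.origin`check" still lacks the space that was already missing in the removed line; use backticks for both contract names and write "`tx.origin` check". The sentence would also read better if it stated why the check passes: the owner is the one being tricked into making the wallet send ether, and `tx.origin` is still the owner's address when `fallback()` calls `transferTo` on `msg.sender`. Smaller points: the empty added line at new line 47 separates the comment at line 46 from the `fallback()` it describes, and the comment at new line 41 restates what `owner = payable(msg.sender);` already says.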