15.SWC-115_tx.origin
2023-07-13 16:11:32
# 09.SWC
Authorization through tx.origin

Description:
`tx.origin` is a global variable in Solidity which returns the address of the account that sent the transaction. Using the variable for authorization could make a contract vulnerable if an authorized account calls into a malicious contract. A call could be made to the vulnerable contract that passes the authorization check since `tx.origin` returns the original sender of the transaction which in this case is the authorized account.

Remediation:
`tx.origin` should not be used for authorization. Use `msg.sender` instead.
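
The remediation above, as an added example that is not from the original page or the SWC registry sample: the same owner check written against `tx.origin` and against `msg.sender`, plus a benign probe that shows how the two values differ once a call passes through another contract. All contract and function names and the `^0.8.0` pragma are assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Weak form (hypothetical contract): authorizes on tx.origin.
contract OriginAuthVault {
    address public owner;
    constructor() payable { owner = msg.sender; }

    function withdraw(address payable to, uint256 amount) external {
        // True in every call frame of any transaction the owner signed,
        // no matter which contract actually made this call.
        require(tx.origin == owner, "not owner");
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");
    }
}

// Hardened form (hypothetical contract): authorizes on msg.sender.
contract SenderAuthVault {
    address public owner;
    constructor() payable { owner = msg.sender; }

    function withdraw(address payable to, uint256 amount) external {
        // msg.sender is the immediate caller of this frame, so a call that
        // arrives through an intermediary contract is rejected.
        require(msg.sender == owner, "not owner");
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");
    }
}

// Probe: reports both values as seen by the callee.
contract Probe {
    function whoCalled() external view returns (address origin, address sender) {
        return (tx.origin, msg.sender);
    }
}

// Relay: a neutral intermediary used only to observe the difference.
contract Relay {
    function ask(Probe p) external view returns (address origin, address sender) {
        // Called from an account A, this returns (A, address(this)):
        // tx.origin stays A, msg.sender becomes the relay.
        return p.whoCalled();
    }
}
```

Calling `Probe.whoCalled()` directly from an account returns that account for both values; calling it through `Relay.ask()` is the case where only the `msg.sender` check notices the intermediary.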
Vulnerable contract:

```solidity
pragma solidity 0.4.24;
```