Please note, this content is no longer actively maintained.
The content of the SWC registry has not been thoroughly updated since 2020. It is known to be incomplete and may contain errors as well as crucial omissions.
For currently maintained guidance on known Smart Contract vulnerabilities written primarily as guidance for security reviewers, please see the EEA EthTrust Security Levels specification. As well as the latest release version, an Editor's draft is available, that represents the latest work of the group developing the specification.
General guidance for developers on what to consider to ensure security, that is currently maintained, is also available through the Smart Contract Security Verification Standard (SCSVS).
Title
Authorization through tx.origin
Relationships
- CWE-477: Use of Obsolete Function
- EEA EthTrust Security Levels:
- [S] No
tx.origin - [Q] Verify
tx.originUsage
Description
tx.origin is a global variable in Solidity which returns the address of the account that sent the transaction. Using the variable for authorization could make a contract vulnerable if an authorized account calls into a malicious contract. A call could be made to the vulnerable contract that passes the authorization check since tx.origin returns the original sender of the transaction which in this case is the authorized account.
Remediation
tx.origin should not be used for authorization. Use msg.sender instead.
References
- Solidity Documentation - tx.origin
- Ethereum Smart Contract Best Practices - Avoid using tx.origin
- SigmaPrime - Visibility
Samples
mycontract.sol
/*
* @source: https://consensys.github.io/smart-contract-best-practices/recommendations/#avoid-using-txorigin
* @author: Consensys Diligence
* Modified by Gerhard Wagner
*/
pragma solidity 0.4.24;
contract MyContract {
address owner;
function MyContract() public {
owner = msg.sender;
}
function sendTo(address receiver, uint amount) public {
require(tx.origin == owner);
receiver.transfer(amount);
}
}
mycontract_fixed.sol
/*
* @source: https://consensys.github.io/smart-contract-best-practices/recommendations/#avoid-using-txorigin
* @author: Consensys Diligence
* Modified by Gerhard Wagner
*/
pragma solidity 0.4.25;
contract MyContract {
address owner;
function MyContract() public {
owner = msg.sender;
}
function sendTo(address receiver, uint amount) public {
require(msg.sender == owner);
receiver.transfer(amount);
}
}