Skip to content

Latest commit

 

History

History
13 lines (7 loc) · 677 Bytes

File metadata and controls

13 lines (7 loc) · 677 Bytes

Authorization through tx.origin

Description:

tx.origin is a global variable in Solidity which returns the address of the account that sent the transaction. Using the variable for authorization could make a contract vulnerable if an authorized account calls into a malicious contract. A call could be made to the vulnerable contract that passes the authorization check since tx.origin returns the original sender of the transaction which in this case is the authorized account.

Remediation:

tx.origin should not be used for authorization. Use msg.sender instead.

References:

https://swcregistry.io/docs/SWC-115