Bnke0x0
low
tx.origin is a global variable in Solidity that returns the address of the account that sent the transaction.
Using the variable could make a contract vulnerable if an authorized account calls a malicious contract. You can impersonate a user using a third party contract.
This can make it easier to create a vault on behalf of another user with an external administrator (by receiving it as an argument). Sources:
- https://solidity-by-example.org/hacks/phishing-with-tx-origin/
- https://medium.com/coinmonks/solidity-tx-origin-attacks-58211ad95514
- https://blog.sigmaprime.io/solidity-security.html#tx-origin
https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/packages/contracts-bedrock/contracts/L1/OptimismPortal.sol#L376 => 'if (msg.sender != tx.origin) {'
https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/packages/contracts-bedrock/contracts/L1/OptimismPortal.sol#L341 => if (success == false && tx.origin == Constants.ESTIMATION_ADDRESS) {
https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/packages/contracts-bedrock/contracts/universal/CrossDomainMessenger.sol#L339 => if (tx.origin == Constants.ESTIMATION_ADDRESS) {
Manual Review