Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

tx.origin may be removed in future and its usage for contract check is not recommended #131

Closed
code423n4 opened this issue Jun 9, 2023 · 8 comments
Labels
bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-b primary issue Highest quality submission among a set of duplicates QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax satisfactory satisfies C4 submission criteria; eligible for awards sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue

Comments

@code423n4
Copy link
Contributor

Lines of code

https://github.com/ethereum-optimism/optimism/blob/382d38b7d45bcbf73cb5e1e3f28cbd45d24e8a59/packages/contracts-bedrock/contracts/L1/OptimismPortal.sol#L465

Vulnerability details

Impact

There is a chance that tx.origin will be removed from the Ethereum protocol in the future, so code that uses tx.origin for authentication must be avoid using it.

There is also some EIPs being proposed for change/remove of tx.origin.

ethereum/EIPs#637

https://www.reddit.com/r/ethereum/comments/6d11lv/erc_about_txorigin_change_for_account_abstraction/

In OptimismPortal.sol,

File: contracts/L1/OptimismPortal.sol

464        address from = msg.sender;
465        if (msg.sender != tx.origin) {
466            from = AddressAliasHelper.applyL1ToL2Alias(msg.sender);
467        }

Here, it checks for contract adress by checking msg.sender != tx.origin. These can not work in future if the new EIPs concerning to remove tx.origin removal due to security issues got approved and tx.origin is removed from Ethereum protocol.

Refer this openzeppelin discussion for more information

Proof of Concept

https://github.com/ethereum-optimism/optimism/blob/382d38b7d45bcbf73cb5e1e3f28cbd45d24e8a59/packages/contracts-bedrock/contracts/L1/OptimismPortal.sol#L465

Tools Used

Manual review

Recommended Mitigation Steps

Change the code as below,

        address from = msg.sender;
-        if (msg.sender != tx.origin) {
+        if (msg.sender.code.length > 0) {
            from = AddressAliasHelper.applyL1ToL2Alias(msg.sender);
        }

Assessed type

Other

@code423n4 code423n4 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Jun 9, 2023
code423n4 added a commit that referenced this issue Jun 9, 2023
@c4-judge
Copy link
Contributor

0xleastwood marked the issue as primary issue

@c4-judge c4-judge added the primary issue Highest quality submission among a set of duplicates label Jun 16, 2023
@c4-judge
Copy link
Contributor

0xleastwood marked the issue as satisfactory

@c4-judge c4-judge added the satisfactory satisfies C4 submission criteria; eligible for awards label Jun 16, 2023
@c4-judge
Copy link
Contributor

0xleastwood marked the issue as selected for report

@c4-judge c4-judge added the selected for report This submission will be included/highlighted in the audit report label Jun 16, 2023
@anupsv
Copy link

anupsv commented Jun 22, 2023

EIP still to be implemented.

@c4-sponsor c4-sponsor added the sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue label Jun 22, 2023
@c4-sponsor
Copy link

anupsv marked the issue as sponsor disputed

@0xleastwood
Copy link

Treating this as low risk because the contract is upgradeable and assumes that this EIP will be implemented in the near future.

@c4-judge
Copy link
Contributor

0xleastwood changed the severity to QA (Quality Assurance)

@c4-judge c4-judge added downgraded by judge Judge downgraded the risk level of this issue QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax and removed 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value selected for report This submission will be included/highlighted in the audit report labels Jun 28, 2023
@c4-judge
Copy link
Contributor

0xleastwood marked the issue as not selected for report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-b primary issue Highest quality submission among a set of duplicates QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax satisfactory satisfies C4 submission criteria; eligible for awards sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
Projects
None yet
Development

No branches or pull requests

6 participants