tx.origin may be removed in future and its usage for contract check is not recommended #131
Labels
bug: Something isn't working
downgraded by judge: Judge downgraded the risk level of this issue
grade-b
primary issue: Highest quality submission among a set of duplicates
QA (Quality Assurance): Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
satisfactory: satisfies C4 submission criteria; eligible for awards
sponsor disputed: Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
Lines of code
https://github.com/ethereum-optimism/optimism/blob/382d38b7d45bcbf73cb5e1e3f28cbd45d24e8a59/packages/contracts-bedrock/contracts/L1/OptimismPortal.sol#L465
Vulnerability details
Impact
There is a chance that tx.origin will be removed from the Ethereum protocol in the future, so code that uses tx.origin for authentication must avoid using it.
There are also some EIPs being proposed to change or remove tx.origin.
ethereum/EIPs#637
https://www.reddit.com/r/ethereum/comments/6d11lv/erc_about_txorigin_change_for_account_abstraction/
In OptimismPortal.sol,
Here, it checks for a contract address by checking msg.sender != tx.origin. This cannot work in the future if the new EIPs proposing the removal of tx.origin due to security issues get approved and tx.origin is removed from the Ethereum protocol.
Refer to this OpenZeppelin discussion for more information.
Proof of Concept
https://github.com/ethereum-optimism/optimism/blob/382d38b7d45bcbf73cb5e1e3f28cbd45d24e8a59/packages/contracts-bedrock/contracts/L1/OptimismPortal.sol#L465
Tools Used
Manual review
Recommended Mitigation Steps
Change the code as below,
Assessed type
Other