Tx.origin

Published by Mario Oettler on

Last Updated on 7. September 2024 by Mario Oettler

Gegeben ist folgender Smart Contract:

Sie finden den Code auch in der Datei 02_TX_Origin_Vulnerable.sol.

pragma solidity ^0.8.26;
contract OwnerContract{
    address public owner;
    address public txOrigin;
    address public msgSender;
         
    constructor() {
        owner = msg.sender;
    }
     
    function claimOwnership(address _owner) public{
         
        txOrigin = tx.origin;
        msgSender = msg.sender;
         
        if(tx.origin != msg.sender){
            owner = _owner;
        }
    }
}

Versuchen Sie, eine beliebige Adresse als owner einzutragen.

Lösung

tx.origin sollte nie! zur Authentifikation genutzt werden, da ein Angreifer-Smart-Contract diese Adresse weiterreichen kann, ohne dass Sie davon erfahren.

Categories:

https://blockchain-academy.hs-mittweida.de/wp-content/uploads/2021/04/logo_bcam_rgb_gross.png

Welcome

Blockchain Academy

Continue with credential

No account yet?

Powered by Hidy

Register with Hidy


Register
Sign in

We need the following credential to register:

please select:

To create a new account, we need the following data from you:

We would appreciate the following additional information from you for the creation of your account:

Welcome

Blockchain Academy

Continue with credential

Already have an account?

Powered by Hidy

Sign in with Hidy


Register
Sign in

We need the following credential to log in:

please select: