Ethernaut Telephone

Diogo Pereira | diogo-pereira.com
4 min read · Aug 29, 2022

The Tx.Origin

A lot of securing a smart contract comes from implementing access controls on its logic. For sensitive functions, for instance withdrawing funds, you want to make sure that only the authorised wallet/person is able to call the function successfully; most of the time that person is the owner of the contract.

There is a small set of ways to check who the caller of a given function is. In this scenario we will look at the Transaction object context and why its Origin attribute is not safe to rely on. Refer below for the next challenge code:

The Transaction and the Message Object

The Transaction Object (tx) provides a means of accessing transaction-related information when the EVM executes smart contract code, namely:

tx.gasprice: The gas price in the calling transaction.

tx.origin: The originating address for this transaction.

The Message Object is the transaction call (originated by an EOA, Externally Owned Account) or message call…
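The difference between the two objects, as an added example that is not part of the original article: a small Python model (not Solidity, and not the challenge code) of how `tx.origin` stays fixed for a whole transaction while `msg.sender` changes with every message call. The `Vault` and `Forwarder` contracts, their method names and all addresses are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Ctx:
    origin: str  # tx.origin: the EOA that started the transaction, same in every frame
    sender: str  # msg.sender: the immediate caller of the current frame


class Vault:
    """Hypothetical contract offering two variants of an owner-only check."""

    def __init__(self, address, owner):
        self.address, self.owner = address, owner

    def withdraw_origin_check(self, ctx):
        # Weak: passes in ANY frame of a transaction the owner started.
        return ctx.origin == self.owner

    def withdraw_sender_check(self, ctx):
        # Strict: passes only when the owner is the direct caller.
        return ctx.sender == self.owner


class Forwarder:
    """Hypothetical intermediary contract that forwards a call to a target."""

    def __init__(self, address):
        self.address = address

    def forward(self, ctx, method):
        # A message call opens a new frame: sender becomes this contract, origin is unchanged.
        return method(Ctx(origin=ctx.origin, sender=self.address))


def send_tx(eoa, entry, *args):
    """An EOA starts a transaction; in the first frame origin == sender == the EOA."""
    return entry(Ctx(origin=eoa, sender=eoa), *args)


def compare_checks(owner="0xOwner", other="0xOther"):
    """Return {scenario: (origin_check_passes, sender_check_passes)}."""
    vault, fwd = Vault("0xVault", owner), Forwarder("0xForwarder")
    scenarios = {
        "owner_direct": lambda m: send_tx(owner, m),
        "owner_via_forwarder": lambda m: send_tx(owner, fwd.forward, m),
        "other_direct": lambda m: send_tx(other, m),
        "other_via_forwarder": lambda m: send_tx(other, fwd.forward, m),
    }
    return {name: (run(vault.withdraw_origin_check), run(vault.withdraw_sender_check))
            for name, run in scenarios.items()}
```

The `owner_via_forwarder` row is the one to review in an audit: the origin-based check authorises whatever contract sits between the owner and the vault, while the sender-based check does not.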
