5 matches found
tx.origin may be removed in future and its usage is not recommended
Lines of code Vulnerability details Impact There is a chance that tx.origin will be removed from the Ethereum protocol in the future, so code that uses tx.origin must be avoid for the authentication purpose. There is also some EIPs being proposed for change/remove of tx.origin. ethereum/EIPs637 I...
tx.origin may be removed in future and its usage is not recommended
Lines of code Vulnerability details Impact There is a chance that tx.origin will be removed from the Ethereum protocol in the future, so code that uses tx.origin must be avoid using it. There is also some EIPs being proposed for change/remove of tx.origin. ethereum/EIPs637 In NounsDAOLogicV2.sol,...
using tx.origin does not guarantee EOA (2)
Lines of code Vulnerability details Impact This condition does not guarantee that msg.sender is EOA. The best is to use isContractmsg.sender. Having tx.origin == msg.sender is possible to bypass from another smartcontract which means attacker could have access to whitelist-protected functions...
using tx.origin does not guarantee EOA (3)
Lines of code Vulnerability details Impact This condition does not guarantee that msg.sender is EOA. The best is to use !isContractmsg.sender. Having tx.origin == msg.sender is possible to bypass from another smartcontract which means attacker could have access to whitelist-protected functions...
IsContract Function Usage
Handle defsec Vulnerability details Impact the isContract function that uses EXTCODESIZE was discovered to be hackable. The function will return false if it is invoked from a contract's constructor because the contract has not been deployed yet. The code should be used very carefully, if at all, ...