Use of Insecure Function

Why is this important?

tx.origin is a global variable in Solidity which returns the address of the account that sent the transaction. Using the variable for authorization could make a contract vulnerable if an authorized account calls into a malicious contract. A call could be made to the vulnerable contract that passes the authorization check since tx.origin returns the original sender of the transaction which in this case is the authorized account.

Avoid Using Insecure Function

Option A: Avoid Use of `tx.origin`

Go through the issues that GuardRails identified in the PR.
Identify the code that looks like this:

  pragma solidity 0.4.24;

  contract MyContract {
    address owner;

    function MyContract() public {
      owner = msg.sender;
    }

    function sendTo(address receiver, uint amount) public {
      /* Note that this the insecure use of tx.origin */
      require(tx.origin == owner);
      receiver.transfer(amount);
    }
  }

Remove the tx.origin and authorize using msg.sender() instead.
Test it
Ship it 🚢 and relax 🌴

GuardRails

General

Apex

C/C++

Dotnet

Elixir

Go

Java

Javascript/TypeScript

Kubernetes

PHP

Python

Ruby

Rust

Solidity

Terraform

Use of Insecure Function

Why is this important?

Avoid Using Insecure Function

Option A: Avoid Use of `tx.origin`

More information

Why is this important?

Avoid Using Insecure Function

Option A: Avoid Use of tx.origin

More information

Option A: Avoid Use of `tx.origin`