August 2019
Intermediate to advanced
486 pages
13h 52m
English
Content preview from Mastering Blockchain Programming with Solidity
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Preventing an attack
You should not use tx.origin in your contract to check for the authorization. Always use msg.sender to check the authorization of the function calls:
modifier onlyAuthorized() { //Good Practice require(authorized == msg.sender); _;}
In the preceding code, we are using msg.sender instead of tx.origin. This fixes the issue, and an attacker would not be able to perform the attack because msg.sender always returns the address of the previous caller in the call stack. In the previous attack scenario, msg.sender would return the address of AttackerContract; hence, authorization fails, and funds would not be sent to the attacker.