Unsafe Use of Tx Origin

What it detects

This detector finds access control that checks tx.origin instead of msg.sender. tx.origin is the externally owned account that started the transaction, not the immediate caller, so an attacker can trick a user into calling a malicious contract that in turn calls the vulnerable contract: the vulnerable contract still sees the victim's address as tx.origin and grants access.

Typical symptoms

  • Functions guarded with require(tx.origin == owner)
  • Indirect calls still succeed through attacker contracts

Solidity snippet (v0.8.25)

pragma solidity ^0.8.25;

contract OriginAuth {
    address public owner;

    constructor() {
        owner = msg.sender;
    }

    function privileged() external {
        // Vulnerable: tx.origin is the account that started the transaction,
        // so a call relayed through another contract still passes this check.
        require(tx.origin == owner, "not owner");
    }
}
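The hardened form, as an added example that is not part of the detector's documentation: authorization is keyed on msg.sender, and a small relay contract plus a check contract (names Forwarder and OriginCheck are assumptions) confirm that the indirect call path the detector warns about now reverts.

```solidity
pragma solidity ^0.8.25;

// Fixed version of OriginAuth: compare the immediate caller, not the
// transaction originator. A call relayed through another contract then
// has that contract as msg.sender and fails the check.
contract SenderAuth {
    address public owner;

    event PrivilegedCalled(address indexed caller);

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    function privileged() external onlyOwner {
        emit PrivilegedCalled(msg.sender);
    }
}

// Assumed relay contract: any contract sitting between the user and the
// target. Inside target.privileged(), msg.sender is this contract.
contract Forwarder {
    function relay(SenderAuth target) external {
        target.privileged();
    }
}

// Assumed regression check: deploys the hardened contract (so this contract
// is its owner) and verifies that the direct call succeeds while the relayed
// call reverts, which is exactly the behaviour the tx.origin version lacks.
contract OriginCheck {
    function indirectCallBlocked() external returns (bool) {
        SenderAuth auth = new SenderAuth();
        Forwarder fwd = new Forwarder();

        auth.privileged(); // direct call: msg.sender == owner, must not revert

        try fwd.relay(auth) {
            return false; // relayed call was accepted: check is still broken
        } catch {
            return true; // relayed call rejected: fix is effective
        }
    }
}
```

Calling OriginCheck.indirectCallBlocked() returns true for the hardened contract; running the same check against a tx.origin-based contract would return false whenever the transaction is started by the owner account.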

Why it matters on EVM

Using tx.origin for authorization allows phishing attacks that hijack user transactions to execute unauthorized actions.