tx.origin in access control #2758

joanthecoder · 2025-07-30T03:14:58Z

joanthecoder
Jul 30, 2025

Can Slither detect issues related to unsafe use of tx.origin in access control? If so, how reliable is the detection?

marceontech · 2025-07-30T03:31:20Z

marceontech
Jul 30, 2025

Yes, Slither can detect dangerous use of tx.origin via its tx-origin detector, which flags contracts that use tx.origin in sensitive logic (like access control).

The detection is quite reliable for common patterns, especially when used like:

require(tx.origin == owner, "Not authorized");

however, Slither will not catch all complex proxy patterns or complicated logic, so you should still review code manually.

As a best practice, always use msg.sender instead of tx.origin for access checks, since tx.origin can be faked through phishing contracts.

0 replies

joanthecoder · 2025-07-30T03:41:18Z

joanthecoder
Jul 30, 2025
Author

Thanks, yes that confirms what the course says then

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

tx.origin in access control #2758

Uh oh!

{{title}}

Uh oh!

Replies: 2 comments

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

tx.origin in access control #2758

Uh oh!

joanthecoder Jul 30, 2025

Replies: 2 comments

Uh oh!

marceontech Jul 30, 2025

Uh oh!

joanthecoder Jul 30, 2025 Author

joanthecoder
Jul 30, 2025

marceontech
Jul 30, 2025

joanthecoder
Jul 30, 2025
Author