DeFiFoundry
50,000 USDC
Submission Details
Severity: low
Invalid

Use `tx.origin` instead of `msg.sender` in authorization check.

Summary

The setPerpVault function in the contract uses tx.origin to check permissions, with the intent that only the owner of the contract is allowed to perform this operation. This poses a potentially high security risk and leaves the function especially vulnerable to phishing attacks.

Vulnerability Details

In the setPerpVault function, permissions are checked based on the condition:

require(tx.origin == owner(), "not owner");

This means that any transaction initiated by an EOA (Externally Owned Account) whose address matches owner() is considered valid, regardless of how many intermediary contracts the transaction passes through.

Phishing attack scenario:

  • The attacker deploys a malicious contract and sends it to the legitimate owner of the target contract.

  • When the owner interacts with the malicious contract, the contract calls the setPerpVault function of the target contract.

  • Since tx.origin is the owner's EOA address, the target contract will mistake this transaction for a valid one and allow the attacker to change the perpVault address.

Referer:

Impact

A phishing attack can be used to change the perpVault address.

Tools Used

manual

Recommendations

Use msg.sender to check the authority

require(msg.sender == owner(), "not owner");
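
The two checks side by side, as an added example that is not the protocol's code: `VaultConfigBase`, `OriginChecked`, `SenderChecked`, `IVaultConfig` and `Intermediary` are hypothetical, simplified contracts, and only `setPerpVault`, `owner()` and `perpVault` are names taken from this report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: simplified stand-ins, not the audited protocol's contracts.
abstract contract VaultConfigBase {
    address private immutable _owner;
    address public perpVault;

    constructor() { _owner = msg.sender; }

    function owner() public view returns (address) { return _owner; }
}

// Check quoted in the report: passes whenever the owner's EOA started the
// transaction, no matter which contract is the immediate caller.
contract OriginChecked is VaultConfigBase {
    function setPerpVault(address vault) external {
        require(tx.origin == owner(), "not owner");
        perpVault = vault;
    }
}

// Recommended check: passes only when the owner is the immediate caller.
contract SenderChecked is VaultConfigBase {
    function setPerpVault(address vault) external {
        require(msg.sender == owner(), "not owner");
        perpVault = vault;
    }
}

interface IVaultConfig {
    function setPerpVault(address vault) external;
}

// Hypothetical intermediary: stands in for any contract the owner calls that
// forwards a call. Inside the target, msg.sender is this contract while
// tx.origin is still the EOA that signed the transaction.
contract Intermediary {
    function forward(IVaultConfig target, address vault) external returns (bool ok) {
        try target.setPerpVault(vault) {
            ok = true;   // OriginChecked, when the owner's EOA sent the transaction
        } catch {
            ok = false;  // SenderChecked reverts with "not owner"
        }
    }
}
```

When the EOA that deployed both targets calls `forward`, it returns `true` against `OriginChecked` and `false` against `SenderChecked`.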
Updates

Lead Judging Commences

n0kto Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

invalid_tx-origin

Lightchaser: Medium-5
