pragma solidity ^0.6.0;
// Challenge take-away: do not rely on tx.origin to authenticate who initiated a transaction
//
// Summary: contracts that authorize on tx.origin have traditionally been very vulnerable to phishing
contract Telephone {
    // Current owner; `public` makes the compiler generate an owner() getter.
    address public owner;

    // Whoever deploys the contract becomes its first owner.
    constructor() public {
        owner = msg.sender;
    }

    // Background on the two globals compared below:
    //   tx.origin  - the EOA (Externally Owned Account) that signed and started
    //                the transaction; it stays the same across every nested call.
    //   msg.sender - the immediate caller of this function; either an EOA or
    //                another contract.
    // Only an EOA holds a private key and can start a transaction. A contract
    // account can send messages to other accounts but never starts a
    // transaction by itself.
    //
    // Replaces the owner with _owner when the call did not come straight from
    // the transaction's originating EOA.
    //
    // NOTE(review): nothing here checks that the caller is the current owner.
    // The condition only tells a direct EOA call (tx.origin == msg.sender)
    // apart from a call that arrived via another contract, so it is not
    // authentication. An owner-only setter would compare msg.sender with
    // owner instead, e.g. require(msg.sender == owner).
    function changeOwner(address _owner) public {
        bool relayedCall = tx.origin != msg.sender;
        if (relayedCall) {
            owner = _owner;
        }
    }
}