The `SmartWalletChecker::check` function is used to determine if the caller is a smart contract or an EOA. It does so by checking if the `extcodesize(account) == 0`:
However, this check can be easily bypassed if a smart contract is calling the method within its constructor. During construction time the `codesize` will still be 0 and the check will pass.
If you want to make sure that an EOA is calling your contract, a simple way is `require(msg.sender == tx.origin)`. However, preventing a contract is an antipattern with security and interoperability considerations.
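The behaviour reported above can be pinned down in a test suite with a probe like the following. This is an added example, not code from the issue or the project: `CodeSizeChecker`, `ConstructionProbe` and all of their function names are hypothetical, and the checker is only modelled on the `extcodesize(account) == 0` description.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical checker modelled on the description above (not the project's contract).
contract CodeSizeChecker {
    // Code-size heuristic: true when `account` has no deployed code at call time.
    function looksLikeEOA(address account) public view returns (bool) {
        uint256 size;
        assembly {
            size := extcodesize(account)
        }
        return size == 0;
    }

    // The alternative named in the issue: the direct caller is the transaction originator.
    function isOrigin() public view returns (bool) {
        return msg.sender == tx.origin;
    }
}

// Test probe: records what each check reports during construction and after deployment.
contract ConstructionProbe {
    CodeSizeChecker public immutable checker;
    bool public sizeCheckInConstructor;
    bool public originCheckInConstructor;

    constructor(CodeSizeChecker _checker) {
        checker = _checker;
        // Runtime code is stored only after the constructor returns,
        // so extcodesize(address(this)) is 0 here and this records true.
        sizeCheckInConstructor = _checker.looksLikeEOA(address(this));
        // msg.sender seen by the checker is this contract, tx.origin is the
        // deploying EOA, so this records false.
        originCheckInConstructor = _checker.isOrigin();
    }

    // After deployment the same address has code, so this returns false.
    function sizeCheckAfterDeploy() external view returns (bool) {
        return checker.looksLikeEOA(address(this));
    }
}
```

A regression test deploys `ConstructionProbe` and asserts `sizeCheckInConstructor == true`, `originCheckInConstructor == false` and `sizeCheckAfterDeploy() == false`, which shows that the code-size heuristic gives two different answers for the same address.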