-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Curious about using tx-sender for validating the sender #1
Comments
If you look at the specification for a STX transfer, it also authenticates with There is another layer of protection with post conditions that are sent with transactions, and they help to specify the expected outcome of the transaction. If those conditions are not met then the transaction fails. (great explanation here) Using |
Thanks for the detailed answer. I am clear about why stacks & clarity use a tx-sender as the sender when transferring the assets. As you mentioned, the user can simply notice that the malicious contract is trying to phishing by checking the post-conditions. However, the user does not really have to append the post-conditions to transfer the assets. But the wallet program will append the post-conditions like Thanks! |
From the SIP-010, it mentions the sender argument must same as the
tx-sender
The example token in this repo also validates sender equals to the
tx-sender
as above SIP.stacks-fungible-token/contracts/example-token.clar
Lines 27 to 35 in db64977
The curious thing is, why it uses
tx-sender
rather thancontract-caller
. Imagine that the EOA account interact with the malicious contract, the contract calls(transfer to the attacker) the SIP-010 token contract without aas-contract
function. SIP-010 token thinks the sender is the EOA account since it checkssender == tx-sender
. At the end The EOA account's fund is hacked by the contract (an attacker).Therefore, vulnerable to any kind of phishing attack is intended?
The text was updated successfully, but these errors were encountered: