Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

_transferOwnership() is an effective bypass of tx.origin #17

Closed
wants to merge 2 commits into from
Closed

_transferOwnership() is an effective bypass of tx.origin #17

wants to merge 2 commits into from

Conversation

defido
Copy link

@defido defido commented Mar 24, 2022
edited
Loading

To bypass the security or 'bad practice' of using tx.origin, _transferOwnership() is effective when using OZ Ownable. You can use it in the constructor setup effectively, before adding other logic, such as transaction approvals etc.

constructor( string memory name, string memory symbol, address payable setup_wallet, ) { _name = name_; _symbol = symbol_; _transferOwnership(setup_wallet) }

@defido
Add transfer ownership
ab30e7b 
_transferOwnership() is effective to make sure the deployer factory moves the ownership to the msg.sender.
@defido
Update README.md
7b22b63
@defido
Copy link
Author

defido commented Mar 24, 2022

Just a minor notice, feel free to ignore, I've tested it and it's far simpler than changing the Ownable, and safer than tx.origin (I think).

@pcaversaccio
Copy link
Owner

@defido thanks for raising this point. The reason why this can be done is due to the linearization pattern of multiple inheritance in Solidity (see here). Your pattern will emit two events since the first _transferOwnership call within the constructor of the Ownable contract will be triggered in any case.

The reason I don't want to have specific workarounds in the README is that this can pile up really fast due to the various libraries used out there (OZ is just one of multiple libraries). What I however would like to do is that you open a discussion here on this topic and share your input regarding OZ (also link to this PR please). Like that other people can share other approaches. Also, FYI, your recommendation could become obsolete with OZ contracts v5 where they plan to remove this first _transferOwnership call within the constructor of the Ownable contract.

I will link to the discussion thread in the README.

@basememara
Copy link

basememara commented Oct 3, 2023
edited
Loading

@defido your instinct of tx.origin not being safe was correct. Under the context of Account Abstraction, smart contracts have the ability to issue transactions on behalf of a user. See the section Security Considerations for Developers in this OpenZepplin post regarding how tx.origin may not be what's intended for that scenario.

If you're running xdeployer from the terminal, you should be ok (I think) since it's using the private key in the config. However, note that if you deploy using EIP-4337, then assumptions change.

@basememara
Copy link

basememara commented Oct 6, 2023
edited
Loading

OpenZepplin v5 was just released and can now pass in initialOwner 🎉

https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4267/files#diff-12d832c90ed93f8f3de2bdb5d70c7f18a00a7ee6ab685510c2f4c88510d32180

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@defido @pcaversaccio @basememara