EVM Exploit January 1, 2017 4 min read

tx.origin Authentication Exploit Generator

Sigvex exploit generator that validates tx.origin authentication vulnerabilities by simulating a phishing scenario where an intermediary contract calls the victim with the owner's tx.origin.

evmaccess-controlexploit-generator

tx.origin Authentication Exploit Generator

Overview

The tx.origin authentication exploit generator validates findings from the tx-origin, tx_origin_auth, and tx-origin-auth detectors by executing four scenarios that distinguish between direct owner calls, direct attacker calls, and calls routed through an intermediary contract. The critical test is whether the contract grants access when tx.origin == owner but msg.sender is an attacker contract — the classic phishing vector.

Multiple wallet contracts have been drained via tx.origin phishing attacks. The attack requires only social engineering: the attacker deploys a malicious contract disguised as a legitimate interaction (an airdrop claim, an NFT mint) and tricks the owner into calling it. During that call, the attacker contract calls the victim contract, which checks tx.origin == owner — and grants access.

Note: Exploit generation in Sigvex is for vulnerability validation purposes only.

Attack Scenario

The victim wallet uses require(tx.origin == owner, "Not owner") in its withdraw() function.
The attacker deploys PhishingAttack with a function claimAirdrop() that internally calls victim.withdraw(amount).
The attacker advertises a fake airdrop website and tricks the owner into calling claimAirdrop().
Transaction flow: Owner (EOA) → PhishingAttack → VulnerableWallet.
Inside VulnerableWallet.withdraw():
- tx.origin = Owner (EOA) — always the original signer
- msg.sender = PhishingAttack contract
- require(tx.origin == owner) passes — owner is the tx.origin
Funds are transferred to msg.sender (the PhishingAttack contract) or directly to the attacker.

Exploit Mechanics

The generator runs four scenarios with consistent initial storage (slot 0: owner address, slot 1: balance 1000):

Scenario	`msg.sender`	`tx.origin`	Expected result
1 — Direct owner	owner	owner	Succeeds (legitimate use)
2 — Direct attacker	attacker EOA	attacker EOA	Reverts (wrong owner)
3 — Phishing	attacker contract	owner	Should revert, but may succeed if using `tx.origin`
4 — Attacker via contract	attacker contract	attacker EOA	Reverts

The fallback calldata targets withdraw() (selector 0x3ccfd60b) with a parameter of 100 wei.

Verdict logic:

Scenario 1 succeeds, Scenario 2 reverts, Scenario 3 succeeds → critical (confidence 0.95): phishing attack confirmed via tx.origin.
Scenario 1 succeeds, Scenario 3 succeeds, Scenario 4 reverts → likely (confidence 0.85): pattern consistent with require(tx.origin == owner).
Scenario 1 succeeds, Scenario 2 reverts, Scenario 3 reverts → protected: uses msg.sender correctly.
All scenarios succeed → no access control detected (confidence 0.90).

The generated PoC shows the complete phishing flow:

// ATTACKER: Phishing contract disguised as airdrop
contract PhishingAttack {
    IVictim public victim;

    // Appears legitimate: "claim free airdrop"
    function claimAirdrop() external {
        // When victim (owner) calls this:
        // tx.origin = owner (legitimate)
        // msg.sender = this contract
        victim.withdraw(1000 ether); // Drains victim's funds
        payable(attacker).transfer(address(this).balance);
    }
}

// tx.origin flow:
// Owner → PhishingAttack → VulnerableWallet
// tx.origin = Owner ✓  (check passes)
// msg.sender = PhishingAttack (not checked)

Remediation

Detector: tx.origin Detector
Remediation Guide: tx.origin Remediation

Replace every tx.origin authentication check with msg.sender:

// VULNERABLE: tx.origin allows phishing
function withdraw(uint256 amount) external {
    require(tx.origin == owner, "Not owner"); // BAD
}

// SECURE: msg.sender is the immediate caller
function withdraw(uint256 amount) external {
    require(msg.sender == owner, "Not owner"); // GOOD
}

// OPTIONAL: Require direct EOA call (blocks all intermediaries)
modifier onlyDirectCall() {
    require(tx.origin == msg.sender, "No contract calls");
    _;
}

tx.origin has one legitimate use case: detecting whether a call comes directly from a human (EOA) rather than a contract. For this narrow purpose, the check require(tx.origin == msg.sender) is appropriate. Using tx.origin for identity checks (who the owner is) is never safe.

References

SWC-115: Authorization through tx.origin
Consensys: tx.origin Authentication
Solidity Documentation: tx.origin vs msg.sender

EVM Attack Pattern

Access Control Bypass

How attackers exploit missing or improper access restrictions on critical functions — responsible for over $1.3 billion in DeFi losses including the largest hack in history.

EVM Detector

Access Control

Detects missing or improperly implemented access controls on privileged functions, allowing unauthorized callers to execute restricted operations.

EVM Exploit

Access Control Bypass Exploit Generator

Sigvex exploit generator that validates missing access control by calling privileged functions from an unauthorized address and checking for storage mutations.

EVM Exploit

Bridge Message Manipulation Exploit Generator

Sigvex exploit generator that validates cross-chain bridge vulnerabilities including message replay, cross-chain replay, and Nomad-style uninitialized state exploitation.

EVM Exploit

Centralization Risks Exploit Generator

Sigvex exploit generator that validates centralization risk findings by classifying the specific privilege type and documenting the trust assumptions and attack scenarios enabled by single-owner control.

EVM Exploit

Cross-Chain Balance Inconsistency Exploit Generator

Sigvex exploit generator that validates cross-chain bridge balance inconsistency vulnerabilities including replay attacks, non-atomic operations, weak proof verification, and finality exploits that allow token supply inflation on the destination chain.

EVM Exploit

Default Visibility Exploit Generator

Sigvex exploit generator that validates default visibility vulnerabilities in Solidity contracts where missing visibility modifiers default to public, exposing sensitive initialization and admin functions.

EVM Exploit

Selfdestruct Vulnerability Exploit Generator

Sigvex exploit generator that validates selfdestruct vulnerabilities including unprotected self-destruction, library-based destruction (Parity-style), and forced ETH reception.

EVM Exploit

Validator/Relayer Compromise Exploit Generator

Sigvex exploit generator that validates bridge validator and relayer compromise vulnerabilities including low M-of-N thresholds, key management failures, centralized relayers, and missing validator rotation — with the Ronin Bridge ($625M) as the canonical attack scenario.

EVM Remediation

Access Control Remediation

How to implement proper access controls on privileged functions using ownership patterns, role-based access, and multi-signature authorization.

EVM Remediation

Arbitrary Storage Write Remediation

How to eliminate arbitrary storage write vulnerabilities by removing user-controlled assembly SSTORE operations, using Solidity mappings, and enforcing slot allowlists for unavoidable inline assembly.

EVM Remediation

Bridge Message Remediation

How to secure cross-chain bridge message processing by implementing nonce-based replay protection, chain ID binding, explicit state initialization, and validator threshold requirements.

EVM Remediation

Centralization Risks Remediation

How to reduce centralization risk through timelocks, multi-signature wallets, on-chain governance, and hard-coded parameter caps that protect users from compromised or malicious admins.

EVM Remediation

Cross-Chain Balance Inconsistency Remediation

How to eliminate cross-chain bridge balance vulnerabilities by implementing proof deduplication, deep finality requirements, Merkle proof verification, and the lock-and-mint pattern.

EVM Remediation

Default Visibility Remediation

How to eliminate default visibility vulnerabilities by always specifying explicit visibility modifiers on all functions and state variables, and upgrading to Solidity 0.5.0+ which enforces this at compile time.

EVM Remediation

ERC20 Violations Remediation

How to eliminate ERC20 integration vulnerabilities by using SafeERC20 for all token operations, measuring actual received amounts for fee-on-transfer tokens, and handling non-standard token behaviors such as missing return values and rebase mechanics.

EVM Remediation

Use the Sign In button in the navigation bar.

Sigvex

Advanced bytecode decompilation and security analysis across multiple runtimes. Detect vulnerabilities, exploits, and reverse-engineer smart contracts directly on-chain.

Product

Features
How It Works
Pricing

Resources

Knowledge Base
Research
Blog

Company

About
Contact
Security

Legal

Terms of Service
Privacy Policy
Cookie Policy
Acceptable Use

Built for developers, by developers.