foundry-rs / foundry

Foundry is a blazing fast, portable and modular toolkit for Ethereum application development written in Rust.
https://getfoundry.sh
Apache License 2.0

Show warning if using msg.sender or tx.origin in script without CLI flags being set #4317

Open devanoneth opened 1 year ago

devanoneth commented 1 year ago

Component

Forge

Describe the feature you would like

Issue created after this discussion with @mds1 in the TG group: https://t.me/foundry_support/32128

If msg.sender and/or tx.origin are the defaults AND we find the CALLER or ORIGIN opcodes in the script's method being executed THEN log a warning and require the developer to confirm they want the script to run anyway.

If the sender and/or origin are not specified in the CLI but are used in the script, unintended addresses may be passed to other contracts, resulting in unwanted outcomes, e.g. a Uniswap output going to the wrong address.

In the warning, they should instead be advised to use an address that they know, e.g. the same address they are broadcasting with.

Additional context

No response

zerosnacks commented 1 week ago

Ran into this before myself, in favor of adding this!