teamforus / research

Shared learning of decentralized development.
https://forus.io
The Unlicense

POC: User security between scripts #55

Closed martijndoornik closed 6 years ago

martijndoornik commented 6 years ago

poc-user-security-between-scripts

Background / Context

Goal: When using multiple scripts that interact with each other, it is hard to track who was the original caller of the script. The goal is to make a definition of what user is calling a certain method when interacting between scripts.

Hypothesis:

Let's say you have three scripts that interact in a chain called by user A; then you'd have the chain A > B > C > D. When you want to validate that A has a certain right, you can call msg.sender in B and it will return A's address, but calling msg.sender in C will return B's address. In this example, you can use the by now deprecated tx.origin, which will always return A's address, regardless of which script you call it in.

However, with the different identity scripts in the works, it will most likely be that script D wants to validate the identity given in script B, meaning that tx.origin will not be of value. A solution to this is to make script C validate the identity of B before calling script D. This would result in a function header like function doFunction(B identity) { ... }, which seems fine. However, what if I interact with D without interacting via C? Then I could fill in any address which relates to B without validation of whether this is actually me, but could instead be any stranger.

Assignee:

Method

documentation/code

Result

present findings

Recommendation

write recommendation
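An added example (not code from this issue or from the forus project) of the two shapes of D described above, written for Solidity ^0.8: the contract names Identity, VulnerableD, HardenedD and C are hypothetical. HardenedD accepts the identity argument only from the C that deployed it, so a direct call to D naming a stranger's identity reverts, while C fills the argument from its own msg.sender (B when reached through Identity.execute).

```solidity
// SPDX-License-Identifier: Unlicense
pragma solidity ^0.8.0;

// B: hypothetical identity contract owned by an externally owned account (A).
// Calls forwarded through it arrive at the callee with msg.sender == B, tx.origin == A.
contract Identity {
    address public immutable owner;
    constructor(address _owner) { owner = _owner; }
    function execute(address target, bytes calldata data) external returns (bytes memory) {
        require(msg.sender == owner, "only owner");
        (bool ok, bytes memory ret) = target.call(data);
        require(ok, "forwarded call failed");
        return ret;
    }
}

// D, vulnerable form: the identity is a plain argument. Anyone calling D directly
// (skipping C) can name any identity address without proving they control it.
contract VulnerableD {
    mapping(address => uint256) public balance;
    function withdraw(address identity, uint256 amount) external {
        balance[identity] -= amount; // trusts the caller's claim
    }
}

// D, hardened form: the identity argument is accepted only from one trusted C,
// which fills it from its own msg.sender. tx.origin is not used: it would be A, not B.
contract HardenedD {
    address public immutable trustedCaller; // the C that deployed this D
    mapping(address => uint256) public balance;
    constructor(address c) { trustedCaller = c; }
    function withdraw(address identity, uint256 amount) external {
        require(msg.sender == trustedCaller, "identity may only be asserted by C");
        balance[identity] -= amount;
    }
}

// C: deploys its own D so the trust link is fixed at construction, then asserts
// msg.sender (B, when reached via Identity.execute) as the identity towards D.
contract C {
    HardenedD public immutable d;
    constructor() { d = new HardenedD(address(this)); }
    function withdrawVia(uint256 amount) external {
        d.withdraw(msg.sender, amount);
    }
}
```

Note that the check in HardenedD only proves the call came through C; whether C's msg.sender is really an identity contract (and not some other contract) is a separate validation that C would still have to perform, as the comment above suggests.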

martijndoornik commented 6 years ago

Part of the system. Can't be helped, really. The original transaction is signed by a private key. You can still retrieve the signature and the address that signed it using tx. If you want to interact with the address that called your code, you can use msg.sender, but this can be another contract, such as an identity contract.