Show warning if using msg.sender or tx.origin in script without CLI flags being set

Open devanoneth opened this issue 2 years ago • 1 comments

Component

Forge

Describe the feature you would like

Issue created after this discussion with @mds1 in the TG group: https://t.me/foundry_support/32128

If msg.sender and/or tx.origin are the defaults AND we find the CALLER or ORIGIN opcodes in the script's method being executed THEN log a warning and require the developer to confirm they want the script to run anyway.

If the sender and/or origin are not specified in the CLI but are used in the script, unintended addresses may be passed to other contracts resulting in unwanted outcomes e.g. a Uniswap output going to the wrong address.

In the warning they should instead be advised to use an address that they know e.g. the same address they are broadcasting with.

Additional context

No response

devanoneth avatar Feb 09 '23 17:02 devanoneth
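
An added example of the check requested above, not part of the thread and not Foundry's own code: a linear scan of EVM bytecode for the `CALLER` (0x33) and `ORIGIN` (0x32) opcodes that skips PUSH immediates so data bytes are not mistaken for opcodes. The names `scan_sender_opcodes`, `sender_warning` and the `sender_is_default` flag are hypothetical, and scanning the whole bytecode over-approximates "the script's method being executed" (trailing compiler metadata can also contain these byte values).

```rust
// Added example, not Foundry's implementation.
const ORIGIN: u8 = 0x32;
const CALLER: u8 = 0x33;
const PUSH1: u8 = 0x60;
const PUSH32: u8 = 0x7f;

/// Program-counter offsets at which each opcode was found.
#[derive(Debug, Default, PartialEq)]
pub struct SenderUse {
    pub caller_at: Vec<usize>,
    pub origin_at: Vec<usize>,
}

pub fn scan_sender_opcodes(code: &[u8]) -> SenderUse {
    let mut found = SenderUse::default();
    let mut pc = 0;
    while pc < code.len() {
        let op = code[pc];
        match op {
            CALLER => found.caller_at.push(pc),
            ORIGIN => found.origin_at.push(pc),
            _ => {}
        }
        // PUSHn (0x60..=0x7f) is followed by n bytes of immediate data.
        let imm = if (PUSH1..=PUSH32).contains(&op) { (op - PUSH1 + 1) as usize } else { 0 };
        pc += 1 + imm;
    }
    found
}

/// `sender_is_default` is a hypothetical flag: true when no sender was set on the CLI.
pub fn sender_warning(code: &[u8], sender_is_default: bool) -> Option<String> {
    if !sender_is_default {
        return None;
    }
    let u = scan_sender_opcodes(code);
    if u.caller_at.is_empty() && u.origin_at.is_empty() {
        return None;
    }
    Some(format!(
        "script reads CALLER at {:?} and ORIGIN at {:?} but no sender was set; \
         use an address you know, e.g. the one you broadcast with",
        u.caller_at, u.origin_at
    ))
}

fn main() {
    // Constructed bytecode: PUSH2 0x3233 (data only), CALLER, ORIGIN, STOP.
    let code = [0x61, 0x32, 0x33, 0x33, 0x32, 0x00];
    println!("{:?}", sender_warning(&code, true));
}
```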

Ran into this before myself, in favor of adding this!

zerosnacks avatar Jun 28 '24 15:06 zerosnacks

@devanoneth there's a check added with https://github.com/foundry-rs/foundry/pull/7141 https://github.com/foundry-rs/foundry/blob/57bb12e022fb9ea46a4a7ca8647eb016e8d43ca3/crates/script/src/broadcast.rs#L219-L223

Could you please check if the scenarios (tx.origin) you're using are covered? Thank you!

grandizzy avatar Nov 05 '24 13:11 grandizzy

@klkvr I think this one is already implemented, maybe missing for tx.origin, can you pls chime in? thanks!

grandizzy avatar Nov 21 '24 12:11 grandizzy

already fixed in nightly

jenpaff avatar Apr 22 '25 16:04 jenpaff