Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Provide a modifier to prevent calling from another contract.

See original GitHub issue

🧐 Motivation

A lots of contract security issues need to be exploited by calling from another contract, so we often protect our contract by preventing contract calling some critical functions.

📝 Details

We can provide a modifier to do this check, although address.code.length == 0 do the same effect, that cost more gas.

modifier callerIsUser() {
     require(tx.origin == msg.sender, 'The caller is another contract.');
      _;
}

function mint() public callerIsUser {
  ...
}

Issue Analytics

State:
Created 2 years ago
Comments:5 (3 by maintainers)

Top GitHub Comments

1reaction

Amxxcommented, Mar 1, 2022

Some users don’t use EOA. They use Argent, Gnosis, or any other smart-contract-based wallets. By forcing tx.origin == msg.sender you are preventing these users for interacting with you. I would not call that fair.

I am yet to see a case where using such a modifier was really needed. All usages I’ve seen so far were trying to mitigate “bad” design decisions.

0reactions

themezcommented, Mar 2, 2022

I got your points now, thanks @Amxx @frangio I might use tx.origin == msg.sender to exclude contract user or even real smart wallet users sometimes, for example in some case I’ll just use block.timestamp as random seed instead of VRF which is expensive. But I understand your concern for including such a modifier in library.