Julie B.
@bbjubjub.eth
Help me I had a stupid idea but I can't explain why it's stupid: could tx.origin be used instead of explicit approvals for authorizing token transfers? Like iff you initiate a transaction your tokens are all unlocked
6 replies
3 recasts
5 reactions

0xmons
@xmon.eth
This seems pretty dangerous because arbitrary contract calls could drain you. Whereas rn you need to explicitly approve spenders
1 reply
0 recast
0 reaction

0xmons
@xmon.eth
For example someone makes an airdrop contract that gives you free X but also drains u
1 reply
0 recast
0 reaction

Julie B.
@bbjubjub.eth
That's true, but there are also phishing techniques inherent to the road we've taken, namely EIP-2612 phishing, increaseAllowance, Permit2, or straight up asking for approval and hoping the user gets confused. In the big picture I think people would get phished either way
1 reply
0 recast
0 reaction

0xmons
@xmon.eth
i think asking for approval at least has widespread wallet support and a straightforward check
i think this greatly increases the attack surface--think about it, you'd have to vet literally the entire callstack of everything you call every single time
- try to claim tokens, boom drained
- try to mint nfts, boom drained
- try to register ens, boom drained
it makes literally every interaction you make potentially adversarial (!!!)
it also doesn't help in a smart contract wallet centric world with paymasters if tx origin isn't the caller
1 reply
0 recast
0 reaction

Julie B.
@bbjubjub.eth
If you have transaction simulation, which you do now and in the Endgame, you should notice. It's also uncommon to have contracts in the callpath that haven't been picked by either the user or the (duly audited) app. With native AA you could have a sensible equivalent to ORIGIN
1 reply
0 recast
0 reaction

0xmons
@xmon.eth
still not a fan as it makes simulation a strong requirement for interaction on every new chain, which isn't always possible on day one
i would prefer that doesn't become the bottleneck, to speak nothing of the cat and mouse games (e.g. salmonella style) as tail risks
0 reply
0 recast
0 reaction
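
The two authorization rules debated in this thread, as an added example that is not code from either participant: a small Python model of a call stack in which tx.origin stays fixed for the whole transaction while msg.sender changes at each hop. The `Token` and `UnvettedContract` classes, the addresses and the balances are constructed for illustration.

```python
# Constructed model of EVM call context; not contract code from the thread.
from dataclasses import dataclass, field

@dataclass
class Token:
    balances: dict
    origin_auth: bool = False            # True = the tx.origin rule proposed above
    allowances: dict = field(default_factory=dict)   # (owner, spender) -> amount

    def approve(self, sender, spender, amount):
        self.allowances[(sender, spender)] = amount

    def transfer_from(self, origin, sender, owner, to, amount):
        # origin models tx.origin (fixed for the whole transaction);
        # sender models msg.sender (the immediate caller of this function).
        if self.balances.get(owner, 0) < amount:
            return False
        if sender == owner or (self.origin_auth and origin == owner):
            pass                          # owner, or anything the owner's tx reached
        elif self.allowances.get((owner, sender), 0) >= amount:
            self.allowances[(owner, sender)] -= amount
        else:
            return False
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount
        return True

@dataclass
class UnvettedContract:
    # Hypothetical third-party contract the user calls but never approved.
    address: str
    token: Token

    def claim(self, origin, sender):
        # Whatever else it does, it can attempt to pull the caller's balance.
        amount = self.token.balances.get(origin, 0)
        return self.token.transfer_from(origin, self.address, origin, self.address, amount)

def run_claim(origin_auth):
    token = Token({"alice": 100}, origin_auth=origin_auth)
    contract = UnvettedContract("0xUnvetted", token)
    pulled = contract.claim(origin="alice", sender="alice")   # alice sends the tx
    return pulled, token.balances["alice"]

def wallet_via_bundler(origin_auth):
    # Smart contract wallet: tokens belong to "wallet", tx.origin is the bundler.
    token = Token({"wallet": 100}, origin_auth=origin_auth)
    return token.transfer_from("bundler", "dapp", "wallet", "dapp", 10)
```

With explicit approvals the pull fails unless the owner approved that specific spender; with the origin rule every contract reached during the owner's transaction passes the check, and a wallet whose transactions are submitted by a bundler gains nothing from it.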