@yoavw from the 7377 discussion:
tx.origin hashing - nice way to placate these projects, but should we?
- tx.origin “protection” has been proven problematic many times in the past.
- It is one of the two biggest obstacles to AA adoption (the 2nd one being lack of EIP-1271 support).
- AA might never become a 1st class citizen if we don’t let contract accounts be tx.origin.
The situation is:
- We can’t get first-class AA without addressing tx.origin
- We can’t address tx.origin (either in 7645 or in the AA solution itself) without breaking stuff
- The stuff we would “break” is already “broken”, having been advised against since mid-2016
Quoting @MicahZoltu from the #future-eoas Discord channel:
This pattern is flagged by every auditor out there, and plastered all over docs, tutorials, etc. Nonetheless, people do stupid things when they are allowed, even when you tell them not to.
@yoavw again from the 7377 discussion:
[require(tx.origin == msg.sender)] often doesn’t achieve its goal. Some projects added this check as a knee-jerk reaction to flashloans when they came out. But a miner (or now block builder) could always perform the same attack by bundling transactions to bring liquidity, perform the attack, and pull the liquidity out.
How to let contract developers reliably know if they’re dealing with a smart contract or, more to the point, simply avoid problems if the caller is a smart contract is outside the scope of this EIP.
So the question is: “are we going to let advised-against misuse of tx.origin stop us from eliminating this tech debt and moving Ethereum forward with AA?”
I understand people saying “we shouldn’t be opinionated about what opcodes someone uses if they are available.” My response to that would be that we are opinionated that developers shouldn’t use gas prices for critical logic, right? But via Murphy’s law, they probably have. That hasn’t stopped us from adjusting gas prices when necessary. How is fixing tx.origin any different?
Back to this EIP: shouldn’t we fix tx.origin simply, elegantly and finally in this manner now rather than spaghetti-coding around it later and forever? I’d almost rather abandon AA altogether than do the latter, but I might be in a minority on that.