Full Report
In Clarity, there is both tx.origin as tx-sender and msg.sender as contract-caller. Many contracts, including SIP-010 tokens, use tx-sender for authentication. This has the issue of phishing, where a user calls into a malicious contract, the contract can use the abuse the permissions to act as that user. The article dissects the implications of this design. One interesting note to me was around requiring 1uSTX trick. Since the normal contract interactions are not expecting a function to be called, you can set the post-condition to be 0 STX. When this happens, the TX will fail. 1 STX is so little funds it's alright but it prevents the attack. Neat!
Analysis Summary
# Vulnerability: Phishing via `tx-sender` Authentication in Clarity Contracts
## CVE Details
- **CVE ID**: Not yet assigned (Protocol-level design flaw)
- **CVSS Score**: 7.5 (High) - Estimated based on impact to Integrity and Availability
- **CWE**: CWE-290: Authentication Bypass by Spoofing
## Affected Systems
- **Products**: Stacks blockchain smart contracts (Clarity)
- **Versions**: All versions of Clarity utilizing `tx-sender` for authentication.
- **Configurations**: SIP-010 (Tokens), SIP-009 (NFTs), and any contract using the logic: `(asserts! (is-eq tx-sender sender) ERR_NOT_OWNER)`.
## Vulnerability Description
The vulnerability stems from an architectural design choice in the Clarity language where `tx-sender` is frequently used for authentication.
- **The Mechanism**: `tx-sender` returns the address of the original account that signed the transaction, regardless of intermediate contract calls. This is functionally identical to Solidity's `tx.origin`.
- **The Flaw**: If a user is phished into calling a malicious contract (e.g., via a "honey-pot" or "free mint" site), that malicious contract can call sensitive functions on other legitimate contracts. Since the user is the original transaction signer, the legitimate contract validates `tx-sender` as the user’s address and executes unauthorized actions (e.g., transferring assets) on the user's behalf.
## Exploitation
- **Status**: PoC available/Identified in the wild (The authors identified specific popular NFT contracts that are currently vulnerable).
- **Complexity**: Low
- **Attack Vector**: Network (Phishing/Social Engineering)
## Impact
- **Confidentiality**: Low
- **Integrity**: High (Unauthorized transfer of NFTs and Fungible Tokens)
- **Availability**: High (Loss of access to assets/funds)
## Remediation
### Patches
- There is no protocol-level patch for the Clarity language itself as of March 2025.
- Individual contract developers must rewrite authentication logic.
### Workarounds
- **Authentication Shift**: Use `contract-caller` (similar to `msg.sender` in Solidity) for sensitive administrative or transfer functions instead of `tx-sender`.
- **The "1 uSTX Trick"**: A creative mitigation where a function requires a transfer of 1 micro-STX (uSTX) from the user. Because users/wallets can set a **Post-Condition** that specifically limits STX transfers to 0 or 1 uSTX, a malicious contract trying to perform unauthorized actions (which usually won't match the user's expected post-conditions) will cause the entire transaction to fail.
## Detection
- **Indicators of Compromise**: Unexpected contract calls appearing in transaction history where a third-party contract acts as an intermediary to sensitive asset-transfer functions.
- **Detection Methods**: Permanent audit of contract source code for the specific `tx-sender` pattern. Transaction simulation in wallets to check if post-conditions are being bypassed or if assets are moving to unintended destinations.
## References
- [Official Stacks Documentation - tx-sender](https://docs.stacks.co/reference/keywords#tx-sender)
- [Clarity Book - Security Keywords](https://book.clarity-lang.org/ch03-00-keywords.html)
- [100proof Analysis Defanged] - hxxps://100proof.org/a-questionable-design-choice.html
- [GitHub Issue Discussion] - hxxps://github.com/stacks-network/stacks-core/issues/2921