Blockchain & Cryptocurrency Glossary

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

  • search-icon Clear Definitions
  • search-icon Practical
  • search-icon Technical
  • search-icon Related Terms

Transaction Origin

1 min read
Pronunciation
[tran-zak-shuhn awr-i-jin]
Analogy
Imagine a letter delivery starting from Alice's house (the EOA). Alice gives the letter to Postman Bob (Contract 1), who passes it to Postman Charlie (Contract 2) for final delivery. While Bob and Charlie handle the letter mid-way, the 'Transaction Origin' is always Alice – the person who started the entire delivery process by sending the first letter.
Definition
Refers to the original Externally Owned Account (EOA) address that initiated a transaction chain. Even if a transaction involves multiple internal calls between smart contracts, the transaction origin always remains the EOA that signed and sent the initial transaction.
Key Points Intro
Transaction Origin identifies the ultimate initiator of a transaction sequence.
Key Points

The EOA address that originally signed and initiated the transaction.

Remains constant throughout the entire call chain of a transaction, even across multiple contract interactions.

Accessed in Solidity using `tx.origin`.

Different from `msg.sender`, which refers to the immediate caller (which could be another contract or the EOA).

Example
If Alice (an EOA) calls Contract A, and Contract A then calls Contract B: - Inside Contract A: `msg.sender` is Alice's address, `tx.origin` is Alice's address. - Inside Contract B: `msg.sender` is Contract A's address, `tx.origin` is still Alice's address.
Technical Deep Dive
`tx.origin` is a global variable available during EVM execution. It retrieves the `Origin` field from the transaction data. While it seems useful for authentication, relying on `tx.origin` for authorization is a dangerous security vulnerability.
Security Warning
Using `tx.origin` for authorization in smart contracts is highly insecure and strongly discouraged. It makes the contract vulnerable to phishing-like attacks. A malicious contract could trick a user into calling it, and this malicious contract could then call the target contract. Inside the target contract, `tx.origin` would be the user's address (leading the target contract to believe the user initiated the call directly), allowing the malicious contract to perform actions on the user's behalf. Always use `msg.sender` for authorization checks.
Related Terms
Tx.origin
Msg.sender
Smart Contract
Transaction

Transaction Origin - Related Articles

No related articles for this term.