Challenge #12tx.origin Misuse

Difficulty: High
#Security#AccessControl
This contract uses tx.origin for access control, which is insecure.
Illustration for tx.origin Misuse

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
contract FallbackIssue {
mapping (address => uint) public balances;
function deposit() public payable { balances [msg.sender] += msg.value;
}
function withdraw(uint _amount) public { require(balances [msg.sender] >= _amount,
"Insufficient balance");
}
}
payable (msg.sender).transfer (_amount); balances [msg.sender] -= _amount;
💡 Hint: tx.origin can be manipulated. Prefer msg.sender.