Challenge #16tx.origin Misuse

Difficulty: High
#Security#AccessControl
This contract uses tx.origin for access control, which is insecure.
Illustration for tx.origin Misuse
 
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import
"@openzeppelin/contracts/access/AccessControl.sol";
contract Voting is AccessControl {
bytes32 public constant ADMIN_ROLE = keccak256("ADMIN_ROLE");
constructor (address admin) {
}
_grantRole(ADMIN_ROLE, admin);
function createProposal (string memory proposal) public onlyRole (ADMIN_ROLE) {
}
}
// Proposal creation logic
💡 Hint: tx.origin can be manipulated. Prefer msg.sender.