LogoLogo
MidpointContact UsThe Docs are Wrong!
  • What is Midpoint
  • What actually is a midpoint?
  • Midpoint FAQs
  • Get Started
    • Sample Midpoints
      • Filecoin Filrep Oracle: Obtain miner reputations on-chain
      • Oracle: Call any API from a smart contract
      • Listener: Subscribe an internal service to any event
      • Data Feed: Stream a data feed on-chain at regular intervals
      • Data Bridge: Pass arbitrary messages between chains
      • Automation: Ensure a function is called at regular intervals
    • Videos
  • Using Midpoint
    • API Key
    • Midpoint CLI
    • GraphQL API
    • Dashboard
  • Core Concepts
    • Midpoints
      • Midpoint ID
      • Sources
      • Tasks
      • Source and Task Definitions
        • Secrets
        • Variables
        • Exclude Logs
        • Extracts
    • Requests
      • Request ID
      • Events
    • Credits and Payment
  • Sources
    • Startpoint Called
    • EVM Event Emitted
    • Cron Job Triggered
  • Tasks
    • Make HTTP Request
      • OAuth and Multi-Step Authentication
    • Call EVM Function
    • Transact to EVM Function
      • Security
    • Shift Decimal
  • More Reading
    • Chain IDs
    • Startpoints
    • Midpoint EOAs
  • Get in Touch
    • Contact Links
Powered by GitBook
On this page

Was this helpful?

  1. Tasks
  2. Transact to EVM Function

Security

Ensure your contract is only called by an authorized midpoint.

It is recommend that callback functions on-chain verify that their caller is the known Midpoint EOA and transaction is being submitted by a known Midpoint ID. This ensures that the contract is only called by a midpoint that is authorized to call that contract. We recommend keeping this security check in place however it is not explicitly checked or required.

The Midpoint EOA is 0xC0FFEE4a3A2D488B138d090b8112875B90b5e6D9.

In order to secure your contract, we recommend making the first argument in your TransactToEvmFunction the following, where you replace "123" with your Midpoint ID:

"arguments": [
    {
        "name": "Midpoint_ID",
        "datatype": "uint64",
        "value": "123"
    }
]

In your contract, add the following lines:

require(tx.origin == midpointEOA, "Invalid callback address");
require(midpointID == midpointId, "Invalid Midpoint ID");

This will ensure the transaction is only submitted by the authorized EOA, for the particular Midpoint ID.

PreviousTransact to EVM FunctionNextShift Decimal

Last updated 2 years ago

Was this helpful?