Security

Ensure your contract is only called by an authorized midpoint.

It is recommend that callback functions on-chain verify that their caller is the known Midpoint EOA and transaction is being submitted by a known Midpoint ID. This ensures that the contract is only called by a midpoint that is authorized to call that contract. We recommend keeping this security check in place however it is not explicitly checked or required.

In order to secure your contract, we recommend making the first argument in your TransactToEvmFunction the following, where you replace "123" with your Midpoint ID:

"arguments": [
    {
        "name": "Midpoint_ID",
        "datatype": "uint64",
        "value": "123"
    }
]

In your contract, add the following lines:

require(tx.origin == midpointEOA, "Invalid callback address");
require(midpointID == midpointId, "Invalid Midpoint ID");

This will ensure the transaction is only submitted by the authorized EOA, for the particular Midpoint ID.

Last updated

Was this helpful?