Security

Ensure your contract is only called by an authorized midpoint.

It is recommended that on-chain callback functions verify that their caller is the known Midpoint EOA and that the transaction is being submitted by a known Midpoint ID. This ensures that the contract is only called by a midpoint that is authorized to call that contract. We recommend keeping this security check in place; however, it is not explicitly checked or required.

The Midpoint EOA is 0xC0FFEE4a3A2D488B138d090b8112875B90b5e6D9.

In order to secure your contract, we recommend making the first argument in your TransactToEvmFunction the following, where you replace "123" with your Midpoint ID:

"arguments": [
    {
        "name": "Midpoint_ID",
        "datatype": "uint64",
        "value": "123"
    }
]

In your contract, add the following lines:

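// Reject transactions that were not signed by the Midpoint EOA.
require(tx.origin == midpointEOA, "Invalid callback address");
// Reject callbacks carrying any Midpoint ID other than the expected one.
require(midpointID == midpointId, "Invalid Midpoint ID");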

This will ensure the transaction is only submitted by the authorized EOA, for the particular Midpoint ID.
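The two checks above in the context of a complete callback contract, as an added example that is not Midpoint's own code. The contract name, the `callback` function, the `result` payload, the event and the constructor parameters are assumptions made for illustration; the EOA address and your Midpoint ID are supplied at deployment.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example: MidpointCallbackReceiver, callback, lastResult and
// CallbackAccepted are illustrative names, not part of Midpoint's API.
contract MidpointCallbackReceiver {
    // Fixed at deployment: the Midpoint EOA given on this page and your own Midpoint ID.
    address public immutable midpointEOA;
    uint64 public immutable midpointID;

    // Constructed placeholder for whatever data the callback delivers.
    uint256 public lastResult;

    event CallbackAccepted(uint64 indexed midpointId, uint256 result);

    constructor(address _midpointEOA, uint64 _midpointID) {
        require(_midpointEOA != address(0), "Midpoint EOA not set");
        midpointEOA = _midpointEOA;
        midpointID = _midpointID;
    }

    // The first parameter corresponds to the "Midpoint_ID" uint64 argument
    // configured as the first argument of TransactToEvmFunction.
    function callback(uint64 midpointId, uint256 result) external {
        // tx.origin is the account that signed the transaction, so this check
        // holds even when the call reaches this contract through another contract.
        require(tx.origin == midpointEOA, "Invalid callback address");
        // The ID arrives as calldata, so it is only meaningful once the
        // signer check above has passed.
        require(midpointID == midpointId, "Invalid Midpoint ID");

        // State changes happen only after both checks succeed.
        lastResult = result;
        emit CallbackAccepted(midpointId, result);
    }
}
```

Both values are `immutable`, so neither can be changed after deployment; moving to a different Midpoint ID means redeploying the contract.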
