# Security

It is recommend that callback functions on-chain verify that their caller is the known Midpoint EOA and transaction is being submitted by a known [midpoint-id](https://docs.midpointapi.com/midpoint-documentation/core-concepts/midpoints/midpoint-id "mention"). This ensures that the contract is only called by a midpoint that is authorized to call that contract. We recommend keeping this security check in place however it is not explicitly checked or required. 

{% hint style="warning" %}
The Midpoint EOA is 0xC0FFEE4a3A2D488B138d090b8112875B90b5e6D9.
{% endhint %}

In order to secure your contract, we recommend making the first argument in your TransactToEvmFunction the following, where you replace `"123"` with your Midpoint ID:

```json
"arguments": [
    {
        "name": "Midpoint_ID",
        "datatype": "uint64",
        "value": "123"
    }
]
```

In your contract, add the following lines:

```solidity
require(tx.origin == midpointEOA, "Invalid callback address");
require(midpointID == midpointId, "Invalid Midpoint ID");
```

This will ensure the transaction is only submitted by the authorized EOA, for the particular Midpoint ID.