While using tx.origin to check authorization within smart contracts poses potential security risks, our use case does not. In the bridge contracts, tx.origin is only used to disallow smart contracts from directly calling the "unwrap" function since the bridge currently only supports transfer from externally owned accounts. It is safe to do this by comparing the tx.origin value to the msg.sender value.
For a more in-depth read on how the Avalanche Bridge works, please read the following articles.
For any additional questions, please view our other knowledge base articles or contact a support team member via the chat button.