While using tx.origin to check authorization within smart contracts poses potential security risks, our use case does not. In the bridge contracts, tx.origin is only used to disallow smart contracts from directly calling the "unwrap" function since the bridge currently only supports transfer from externally owned accounts. It is safe to do this by comparing the tx.origin value to the msg.sender value.

For any additional questions, please visit our knowledge base or contact a support team member via the chat button at support.avax.network.

Chat with Ava Labs | Use Apps on Avalanche | Validate on Avalanche

Build on Avalanche

Did this answer your question?