axelarnetwork / support

Your source for support with the Axelar Network
What exactly does validateContractCall() do? #92

Closed Olanetsoft closed 4 months ago

Olanetsoft commented 4 months ago

While it is clear that the gateway is validating/approving the call, my question is: What does it mean to be approved/validated? What specific assurances can I rely on if the call is approved?

One example comes to mind: suppose a malicious user copies my contract on the source chain, and then sends a GMP to my contract on the remote chain, with the intent of minting tokens to their own address. Seems like the Axelar gateway might approve/validate this call as long as gas was paid, payload attached, etc. So, while Axelar might consider this call to be "valid", based on my own internal objectives, it is actually malicious.

Olanetsoft commented 4 months ago

The gateway.validateContractCall function is used to verify if the gateway has approved a particular contract call. When the validation fails, the execution of the function is immediately reverted, and an error is thrown. This error signifies that the contract call has not received approval from the gateway.

Regarding possible malicious calls originating from the source chain, it is the application developer's responsibility to ensure that the destination contract validates the "sourceAddress." The "sourceAddress" represents the account that initiates the "callContract" operation on the gateway.

You can take a look at this video to learn more about it.
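
The two checks discussed in this thread, side by side, as an added example (not code from the issue or from the Axelar project). The contract name `GuardedMinter`, the `trustedSender` allow-list and the `(address, uint256)` payload layout are hypothetical; the interface is reduced to the one gateway function discussed here.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Only the gateway function discussed in this issue.
interface IAxelarGateway {
    function validateContractCall(bytes32 commandId, string calldata sourceChain,
        string calldata sourceAddress, bytes32 payloadHash) external returns (bool);
}

// Hypothetical destination contract: mints only for messages from an allow-listed sender.
contract GuardedMinter {
    error NotApprovedByGateway();
    error UntrustedSource();

    IAxelarGateway public immutable gateway;
    address public immutable owner;
    // sourceChain => keccak256 of the sourceAddress string trusted on that chain
    mapping(string => bytes32) public trustedSender;
    mapping(address => uint256) public balanceOf;

    constructor(address gateway_) {
        gateway = IAxelarGateway(gateway_);
        owner = msg.sender;
    }

    // The string must match, byte for byte (letter case included), what the gateway reports.
    function setTrustedSender(string calldata chain, string calldata sender) external {
        require(msg.sender == owner, "not owner");
        trustedSender[chain] = keccak256(bytes(sender));
    }

    function execute(bytes32 commandId, string calldata sourceChain,
        string calldata sourceAddress, bytes calldata payload) external {
        // Check 1: the gateway approved this call. This says nothing about who sent it.
        if (!gateway.validateContractCall(commandId, sourceChain, sourceAddress, keccak256(payload)))
            revert NotApprovedByGateway();
        // Check 2: application-level. A copy of the source contract has a different
        // address, so its approved message is rejected here. Unset chains are rejected too.
        bytes32 expected = trustedSender[sourceChain];
        if (expected == bytes32(0) || keccak256(bytes(sourceAddress)) != expected)
            revert UntrustedSource();
        // Only now is the payload acted on.
        (address to, uint256 amount) = abi.decode(payload, (address, uint256));
        balanceOf[to] += amount;
    }
}
```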