What Does The Axelar Function ValidateContractCall() Do?

The validateContractCall() function seems important, but I am not 100% clear on what gets validated and what my own contract code needs to do in terms of further validation to ensure that the message is legit and originated from "allowed" contract(s) on the source chain. I know other GMP services require you to register an "allowlist" of contract addresses, etc. -- what is the approach with Axelar?
Thank You

What is getting validated here is that the execution of the function is coming from the Axelar network. The Axelar validator set owns the key which controls the Gateway contract on each chain it's deployed on.

This key is generated by many "key shares". Each validator controls a given amount of key shares based on how much AXL they have staked. Transactions are confirmed after a vote by the validators. Only after a successful consensus by the validator set the Gateway contract is executed by this key.

The validateContractCall() is making sure that the key triggering the function is, in fact coming from the Axelar validator set after completing the above process.

Worth noting that in the actual definition of this function:

function validateContractCall(
        bytes32 commandId,
        string calldata sourceChain,
        string calldata sourceAddress,
        bytes32 payloadHash
    ) external override returns (bool valid) {
        bytes32 key = _getIsContractCallApprovedKey(commandId, sourceChain, sourceAddress, msg.sender, payloadHash);
        valid = getBool(key);
        if (valid) _setBool(key, false);
    }

We pass in the sourceChain and sourceAddress manually, so it is also worth validating that the call is coming from the correct source chain and source contract address in addition to validating that the call is coming from the Axelar network.

Here are some good resources if you want to read up more on this!

• How Axelar verify incoming GMP messages
• Gateway Smart Contract