Hi, I have some questions regarding Solidity security/syntax

Hi guys, I'm learning Solidity and have a few questions I'd like clarified. I hope I can post this here; I posted on r/ethdev too, but I think r/ethereum is more active.

  • When sending ETH to an address that calls a function, is this the right way to do it?

    (bool success,) = msg.sender.call{value: amt}("");

    require(success);

I just don't understand where the actual "send" is happening. Like, I get it's making a call to the sender's address, but when is it actually sending the value?

  • How do fallback functions work? I'm trying to learn about reentrancy attacks and was a bit confused. Is the point that when a contract calls another's withdraw function it immediately goes to the fallback function once the eth is withdrawn?

  • I'm trying to understand the concept of tx.origin. For example, if I have Contract A and Contract B. If I as a user call a function through Etherscan or Remix or something on Contract A that calls some function in B that is to return the tx.origin, does that mean B will return my user address? Sorry if that's a little unclear, please let me know if I need to clarify.

  • Along with the above question – can using tx.origin instead of msg.sender open a contract to a reentrancy style attack? I figure if contract B were to store some data it uses for comparison or a require and accesses it using tx.origin – an intermediary contract A could be used to drain the funds since you're not using msg.sender's data – rather the user's data who called the malicious contract.

I really appreciate any help anyone can give me. I'm kind of struggling with these concepts – particularly the security related things. Apologies for the subpar formatting.

submitted by /u/RUScrewCrew
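
The call pattern, fallback hand-off and tx.origin behaviour asked about above, as an added example that is not part of the original post. `Vault` and `Relay` are hypothetical contracts written for this illustration; in Solidity, `msg.sender` is the immediate caller and `tx.origin` is the externally owned account that signed the transaction.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; Vault and Relay are hypothetical names, not from the post.
contract Vault {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // Checks-effects-interactions: the balance is zeroed BEFORE the external call.
    function withdraw() external {
        uint256 amt = balances[msg.sender];      // check
        require(amt > 0, "nothing to withdraw");
        balances[msg.sender] = 0;                // effect
        // Interaction: `value: amt` attaches amt wei to the call, "" is empty calldata.
        // If msg.sender is a contract, its receive()/payable fallback() runs right here;
        // a re-entrant withdraw() from that code fails the require above (balance is 0).
        (bool success, ) = msg.sender.call{value: amt}("");
        require(success, "transfer failed");
    }

    // Returns the direct caller and the account that signed the transaction.
    function whoAmI() external view returns (address sender, address origin) {
        return (msg.sender, tx.origin);
    }
}

contract Relay {
    event Received(address from, uint256 amount);

    // Called by a user: Vault reports sender == address(this) (the Relay),
    // while origin == the user's own address.
    function ask(Vault vault) external view returns (address sender, address origin) {
        return vault.whoAmI();
    }

    function depositAndWithdraw(Vault vault) external payable {
        vault.deposit{value: msg.value}();
        vault.withdraw();   // Vault's call{value: ...} lands in receive() below
        (bool ok, ) = msg.sender.call{value: address(this).balance}("");
        require(ok, "refund failed");
    }

    receive() external payable {
        emit Received(msg.sender, msg.value);
    }
}
```

Because `whoAmI()` returns different addresses once a contract sits between the user and `Vault`, authorization checks in `Vault` belong on `msg.sender`, not `tx.origin`.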