Concepts

Firewall

The Firewall is a set of smart contracts that work together to provide a robust on-chain security layer for your protocol. When a transaction is sent to your protocol, it first reaches the Firewall (through our function modifiers, or through our Firewall Proxy), which examines the transaction against a set of security policies.

Once the transaction is allowed to proceed, your protocol executes the transaction as normal.

After your protocol finishes executing the transaction, the Firewall runs additional Post-Execution policies to make sure the transaction did not change your protocol's state in a way that violates your business logic. If it did, the transaction is reverted and your protocol remains unharmed.
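The check, execute, check flow described above, as an added Solidity sketch that is not the Firewall's own code. The names `IPolicy`, `MaxOutflowPolicy`, `Vault` and `firewallProtected`, and the outflow rule itself, are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Hypothetical policy interface for this example; not the Firewall's actual API.
interface IPolicy {
    function preExecution(address sender, bytes calldata data) external;
    function postExecution(address sender, bytes calldata data) external;
}

// Example policy: reverts if one top-level call moves more than maxOutflow
// of native currency out of the protected contract (the caller of the hooks).
contract MaxOutflowPolicy is IPolicy {
    uint256 public immutable maxOutflow;
    mapping(address => uint256) private balanceBefore; // keyed by protected contract
    mapping(address => uint256) private depth;         // nesting level of protected calls
    constructor(uint256 maxOutflow_) { maxOutflow = maxOutflow_; }

    function preExecution(address, bytes calldata) external {
        // Snapshot only on the outermost call so re-entrant calls cannot reset it.
        if (depth[msg.sender] == 0) balanceBefore[msg.sender] = msg.sender.balance;
        depth[msg.sender] += 1;
    }

    function postExecution(address, bytes calldata) external {
        depth[msg.sender] -= 1;
        if (depth[msg.sender] != 0) return; // judge the total once the outermost call ends
        uint256 pre = balanceBefore[msg.sender];
        uint256 post = msg.sender.balance;
        require(post >= pre || pre - post <= maxOutflow, "policy: outflow too large");
    }
}

// Hypothetical protected protocol contract.
contract Vault {
    IPolicy public immutable policy;
    mapping(address => uint256) public deposits;
    constructor(IPolicy policy_) { policy = policy_; }

    modifier firewallProtected() {
        policy.preExecution(msg.sender, msg.data);  // pre-execution policy
        _;                                          // protocol logic runs as normal
        policy.postExecution(msg.sender, msg.data); // a revert here undoes the whole call
    }

    function deposit() external payable { deposits[msg.sender] += msg.value; }

    function withdraw(uint256 amount) external firewallProtected {
        deposits[msg.sender] -= amount; // checked arithmetic reverts on overdraw
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

Because the post-execution hook runs inside the same transaction, its `require` failing rolls back the balance change and the transfer together.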

Policy

A Policy is a set of security rules that define what transactions can or can't do on your protocol. Each policy is a specialized smart contract that is engineered to surgically detect and prevent an attack vector.

Policies are owned and deployed by you - the protocol owner - allowing you to apply the same governance requirements of your protocol to your security policies.

On-chain & Off-chain

The Firewall is a fully on-chain solution, meaning all the security policies are deployed on-chain and are run on-chain. This allows the Firewall to provide robust security to your protocol in real-time. Unless otherwise stated, all of our security policies run strictly on-chain - i.e. as smart contracts that run on the blockchain itself.

Some Policies (such as the Approved Calls with Signature policy) can provide an additional layer of security to protect against select behaviors by integrating with off-chain services.

Off-chain services are run on standard Web2 services, and are not part of the blockchain itself.

Signer API

For extra-sensitive transactions that require an additional layer of security checks, we created the Signer API. Coupled with the Approved Calls with Signature policy, this API allows Firewall Consumers to acquire a secure signature for transaction data before allowing it to go on-chain.

An end user will send their transaction to this API, where it will go through advanced off-chain security checks. If all checks pass, the user will receive a secure signature that they can use to pre-approve the transaction on-chain. Otherwise, the transaction will not be allowed to pass through the Firewall.
