Home

Admin Notary

Overview

This policy is useful for contracts that have sensitive admin functions that need to be called frequently, and you don't necessarily want to use a Multi-Sig wallet to call them (although this can also be used on top of a Multi-Sig for even better security).

You can use this policy to allow a 3rd party notary to approve the call after off-chain authentication verifying that the owner of the contract is the one making the call.

Protected Attack Vector

This policy protects against an attacker that may have gained access to a privileged private key of the protocol (i.e. a private key of one of the admins of the protocol) and attempts to send a malicious transaction to your protocol.

Even with the privileged private key, the transaction will be blocked by this policy - unless it's data was pre-approved by a 3rd party notary.

How It Works

  1. When one of your protocol admins needs to send a transaction to the protocol, they will first need to send the transaction's data to a 3rd party notary.

  2. The notary will then need to hash the transaction's data and approve it on the policy. Approval for the transaction is given by the notary calling the approveCall() function of the policy.

  3. Once the transaction has been approved, the protocol admin can send the transaction, and the policy will allow it to go through.

Setup Instructions

  1. Deploy your own version of this policy (see Source Code).

  2. The default expirationTime for each 3rd party approval is 1 day. If you want to change this, issue a setExpirationTime() call to set a new expiration.

  3. Add the newly deployed policy to the Firewall (you can do this Globally or Per-Method, see Policy Administration).

  4. That's it!

Properties

Name
Type
Description

expirationTime

uint

the default amount of time a call hash is valid for after it is approved

adminCallHashApprovalTimestamp

mapping (bytes32 => uint)

the timestamp that a call hash was approved at (if approved at all)

Methods

approveCall()

function approveCall(bytes32 _callHash)

Callable only by the policy owner (i.e. the notary). Approves transaction data that was hashed by a notary so that the protocol's admin(s) will be able to send the transaction securely.

Parameter Name
Type
Description

_callHash

bytes32

the hashed transaction data

setExpirationTime()

function setExpirationTime(uint _expirationTime)

Callable only by the policy owner (i.e. the notary). Sets the expiration time for approved transaction data. If a protocol admin sends a transaction after the approval has expired, the transaction will not be allowed to go through (it will be reverted by the policy). This setting is global for all approvals.

Parameter Name
Type
Description

_expirationTime

uint

the expiration time for approvals

Security Lifecycle

This policy runs during the Firewall's Pre-Execution hook.

Source Code

On our GitHub repository: AdminCallPolicy.sol

PreviousPoliciesNextWhitelist

Last updated