Approved Patterns

Overview

Powered by our advance AI security engine, this policy will only allows transactions that interact with your protocol in a safe way. The engine provides a list of Approved Patterns - a list of calls that are allowed to be performed in sequence on your protocol - and only these vectors will be allowed to go through.

Any transaction that performs calls outside the Approved Patterns list will be blocked.

Protected Attack Vector

For certain protocols, zero-day attacks may be discovered by crafting a malicious transaction that makes calls to your smart contracts in a way it wasn't intended to be used.

In such cases, the transaction will be blocked by this policy because the calls in the malicious transaction aren't in the Approved Patterns list.

How It Works

As part of the policy's setup, a list of Approved Patterns is generated by our AI security engine and is configured on the policy.
A transaction executing a several calls reaches the Firewall.
If the calls in the transactions are approved, the transaction will be allowed to go through. If not, the transaction will be reverted.

Internally, the Approved Patterns lists are hashed for high-efficiency calculation on-chain

Setup Instructions

Deploy your own version of this policy (see Source Code).
Configure the Approved Patterns you wish to allow for your protocol. NOTE: Contact our Support for more information on how to get these generated for your protocol
Add the newly deployed policy to the Firewall (you can do this Globally or Per-Method, see Policy Administration).
That's it!

Properties

Name

Type

Description

originCurrentVector

mapping

(address =>

mapping

(uint => bytes)

)

a mapping of the currently examined list of (updates per transaction as calls get executed)

approvedVectorHashes

mapping

(bytes32 => bool)

a mapping of the (hashed)

Methods

approveMultipleHashes()

`function approveMultipleHashes(bytes32[] calldata _vectorHashes)`

Callable only by the policy owner. Approves multiple Approved Vectors

Parameter Name

Type

Description

_vectorHashes

bytes32[] calldata

an array of hashes

removeMultipleHashes()

`function removeMultipleHashes(bytes32[] calldata _vectorHashes)`

Callable only by the policy owner. Removes previously Approved Vectors hashes.

Parameter Name

Type

Description

_vectorHashes

bytes32[] calldata

an array of hashes

setVectorHashStatus()

`function setVectorHashStatus(bytes32 _vectorHash, bool _status)`

Callable only by the policy owner. Sets the status (approve / disapprove) of a single Approved Vectors hash.

Parameter Name

Type

Description

_vectorHashe

bytes32

the hashes

_bool

bool

true to approve or false to disapprove

Security Lifecycle

This policy runs during the Firewall's Pre-Execution hook.

Source Code

On our GitHub repository: ApprovedVectorsPolicy.sol

PreviousApproved Calls NextBalance Guard

Last updated 6 months ago