# Approved Patterns

## Overview

Powered by our advance AI security engine, this policy will only allows transactions that interact with your protocol in a safe way. The engine provides a list of [Approved Patterns](/firewall/glossary.md#approved-patterns) - a list of calls that are allowed to be performed in sequence on your protocol - and only these vectors will be allowed to go through.

Any transaction that performs calls outside the [Approved Patterns](/firewall/glossary.md#approved-patterns) list will be blocked.

## Protected Attack Vector

For certain protocols, zero-day attacks may be discovered by crafting a malicious transaction that makes calls to your smart contracts in a way it wasn't intended to be used.

In such cases, the transaction will be blocked by this policy because the calls in the malicious transaction aren't in the [Approved Patterns](/firewall/glossary.md#approved-patterns) list.

## How It Works

1. As part of the policy's setup, a list of [Approved Patterns](/firewall/glossary.md#approved-patterns) is generated by our AI security engine and is configured on the policy.<br>
2. A transaction executing a several calls reaches the [Firewall](/firewall/glossary.md#firewall).<br>
3. If the calls in the transactions are approved, the transaction will be allowed to go through.\
   If not, the transaction will be reverted.

> Internally, the [Approved Patterns](/firewall/glossary.md#approved-patterns) lists are hashed for high-efficiency calculation on-chain

## Setup Instructions

1. Deploy your own version of this policy *(see* [*Source Code*](#source-code)*)*.<br>
2. Configure the [Approved Patterns](/firewall/glossary.md#approved-patterns) you wish to allow for your protocol.\
   \
   **NOTE:** Contact our [Support](/firewall/support.md) for more information on how to get these generated for your protocol<br>
3. Add the newly deployed policy to the [Firewall](/firewall/glossary.md#firewall) *(you can do this* [*Globally*](/firewall/configuration/firewall-configuration.md#global-policies) *or* [*Per-Method*](/firewall/configuration/firewall-configuration.md#per-method-policies)*, see* [*Policy Administration*](/firewall/configuration/policy-administration.md)*)*.<br>
4. That's it!

## Properties

<table><thead><tr><th width="257">Name</th><th width="256.3333333333333">Type</th><th>Description</th></tr></thead><tbody><tr><td><code>originCurrentVector</code></td><td><p><code>mapping</code></p><p><code>(address =></code></p><p>   <code>mapping</code></p><p>   <code>(uint => bytes)</code></p><p><code>)</code></p></td><td>a mapping of the currently examined list of <a href="/pages/SytHKgKfwQDKzbldyqNt#approved-patterns">Approved Patterns</a> <em>(updates per transaction as calls get executed)</em></td></tr><tr><td><code>approvedVectorHashes</code></td><td><p><code>mapping</code></p><p><code>(bytes32 => bool)</code></p></td><td>a mapping of the <em>(hashed)</em> <a href="/pages/SytHKgKfwQDKzbldyqNt#approved-patterns">Approved Patterns</a></td></tr></tbody></table>

## Methods

### approveMultipleHashes()

#### `function approveMultipleHashes(bytes32[] calldata _vectorHashes)`

Callable only by the policy owner. Approves multiple [Approved Vectors](/firewall/glossary.md#approved-patterns)

| Parameter Name  | Type                 | Description                                                                    |
| --------------- | -------------------- | ------------------------------------------------------------------------------ |
| `_vectorHashes` | `bytes32[] calldata` | an array of [Approved Vectors](/firewall/glossary.md#approved-patterns) hashes |

### removeMultipleHashes()

#### `function removeMultipleHashes(bytes32[] calldata _vectorHashes)`

Callable only by the policy owner. Removes previously  [Approved Vectors](/firewall/glossary.md#approved-patterns) hashes.

| Parameter Name  | Type                 | Description                                                                    |
| --------------- | -------------------- | ------------------------------------------------------------------------------ |
| `_vectorHashes` | `bytes32[] calldata` | an array of [Approved Vectors](/firewall/glossary.md#approved-patterns) hashes |

### setVectorHashStatus()

#### `function setVectorHashStatus(bytes32 _vectorHash, bool _status)`

Callable only by the policy owner. Sets the status *(approve / disapprove)* of a single [Approved Vectors](/firewall/glossary.md#approved-patterns) hash.

| Parameter Name | Type      | Description                                                            |
| -------------- | --------- | ---------------------------------------------------------------------- |
| `_vectorHashe` | `bytes32` | the [Approved Vectors](/firewall/glossary.md#approved-patterns) hashes |
| `_bool`        | `bool`    | `true` to approve or `false` to disapprove                             |

## **Security Lifecycle**

This policy runs during the [Firewall's Pre-Execution hook](/firewall/glossary.md#pre-execution).

## Source Code

On our GitHub repository: [ApprovedVectorsPolicy.sol](https://github.com/ironblocks/onchain-firewall/blob/main/packages/onchain-firewall/contracts/policies/ApprovedVectorsPolicy.sol)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ironblocks.com/firewall/policies/approved-patterns.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.