# Approved Patterns

## Overview

Powered by our advance AI security engine, this policy will only allows transactions that interact with your protocol in a safe way. The engine provides a list of [Approved Patterns](https://docs.ironblocks.com/firewall/glossary#approved-patterns) - a list of calls that are allowed to be performed in sequence on your protocol - and only these vectors will be allowed to go through.

Any transaction that performs calls outside the [Approved Patterns](https://docs.ironblocks.com/firewall/glossary#approved-patterns) list will be blocked.

## Protected Attack Vector

For certain protocols, zero-day attacks may be discovered by crafting a malicious transaction that makes calls to your smart contracts in a way it wasn't intended to be used.

In such cases, the transaction will be blocked by this policy because the calls in the malicious transaction aren't in the [Approved Patterns](https://docs.ironblocks.com/firewall/glossary#approved-patterns) list.

## How It Works

1. As part of the policy's setup, a list of [Approved Patterns](https://docs.ironblocks.com/firewall/glossary#approved-patterns) is generated by our AI security engine and is configured on the policy.<br>
2. A transaction executing a several calls reaches the [Firewall](https://docs.ironblocks.com/firewall/glossary#firewall).<br>
3. If the calls in the transactions are approved, the transaction will be allowed to go through.\
   If not, the transaction will be reverted.

> Internally, the [Approved Patterns](https://docs.ironblocks.com/firewall/glossary#approved-patterns) lists are hashed for high-efficiency calculation on-chain

## Setup Instructions

1. Deploy your own version of this policy *(see* [*Source Code*](#source-code)*)*.<br>
2. Configure the [Approved Patterns](https://docs.ironblocks.com/firewall/glossary#approved-patterns) you wish to allow for your protocol.\
   \
   **NOTE:** Contact our [Support](https://docs.ironblocks.com/firewall/support) for more information on how to get these generated for your protocol<br>
3. Add the newly deployed policy to the [Firewall](https://docs.ironblocks.com/firewall/glossary#firewall) *(you can do this* [*Globally*](https://docs.ironblocks.com/firewall/configuration/firewall-configuration#global-policies) *or* [*Per-Method*](https://docs.ironblocks.com/firewall/configuration/firewall-configuration#per-method-policies)*, see* [*Policy Administration*](https://docs.ironblocks.com/firewall/configuration/policy-administration)*)*.<br>
4. That's it!

## Properties

<table><thead><tr><th width="257">Name</th><th width="256.3333333333333">Type</th><th>Description</th></tr></thead><tbody><tr><td><code>originCurrentVector</code></td><td><p><code>mapping</code></p><p><code>(address =></code></p><p>   <code>mapping</code></p><p>   <code>(uint => bytes)</code></p><p><code>)</code></p></td><td>a mapping of the currently examined list of <a href="../../glossary#approved-patterns">Approved Patterns</a> <em>(updates per transaction as calls get executed)</em></td></tr><tr><td><code>approvedVectorHashes</code></td><td><p><code>mapping</code></p><p><code>(bytes32 => bool)</code></p></td><td>a mapping of the <em>(hashed)</em> <a href="../../glossary#approved-patterns">Approved Patterns</a></td></tr></tbody></table>

## Methods

### approveMultipleHashes()

#### `function approveMultipleHashes(bytes32[] calldata _vectorHashes)`

Callable only by the policy owner. Approves multiple [Approved Vectors](https://docs.ironblocks.com/firewall/glossary#approved-patterns)

| Parameter Name  | Type                 | Description                                                                                            |
| --------------- | -------------------- | ------------------------------------------------------------------------------------------------------ |
| `_vectorHashes` | `bytes32[] calldata` | an array of [Approved Vectors](https://docs.ironblocks.com/firewall/glossary#approved-patterns) hashes |

### removeMultipleHashes()

#### `function removeMultipleHashes(bytes32[] calldata _vectorHashes)`

Callable only by the policy owner. Removes previously  [Approved Vectors](https://docs.ironblocks.com/firewall/glossary#approved-patterns) hashes.

| Parameter Name  | Type                 | Description                                                                                            |
| --------------- | -------------------- | ------------------------------------------------------------------------------------------------------ |
| `_vectorHashes` | `bytes32[] calldata` | an array of [Approved Vectors](https://docs.ironblocks.com/firewall/glossary#approved-patterns) hashes |

### setVectorHashStatus()

#### `function setVectorHashStatus(bytes32 _vectorHash, bool _status)`

Callable only by the policy owner. Sets the status *(approve / disapprove)* of a single [Approved Vectors](https://docs.ironblocks.com/firewall/glossary#approved-patterns) hash.

| Parameter Name | Type      | Description                                                                                    |
| -------------- | --------- | ---------------------------------------------------------------------------------------------- |
| `_vectorHashe` | `bytes32` | the [Approved Vectors](https://docs.ironblocks.com/firewall/glossary#approved-patterns) hashes |
| `_bool`        | `bool`    | `true` to approve or `false` to disapprove                                                     |

## **Security Lifecycle**

This policy runs during the [Firewall's Pre-Execution hook](https://docs.ironblocks.com/firewall/glossary#pre-execution).

## Source Code

On our GitHub repository: [ApprovedVectorsPolicy.sol](https://github.com/ironblocks/onchain-firewall/blob/main/packages/onchain-firewall/contracts/policies/ApprovedVectorsPolicy.sol)