Firewall Documentation
Home
  • Overview
  • Quick Start
    • Using Function Modifiers
    • Using Proxy Patterb
  • Concepts
  • Configuration
    • Governance
    • Firewall Configuration
    • Policy Administration
  • How It Works
  • Smart Contracts
    • Firewall.sol
    • FirewallConsumer.sol
    • FirewallProxyAdmin.sol
    • FirewallTransparentUpgradableProxy.sol
  • Policies
    • Admin Notary
    • Whitelist
    • Approved Calls
    • Approved Patterns
    • Balance Guard
    • EOA Only
    • Method Block
    • Custom Protector
    • Non Reentrant
    • Combined Policies
  • Addresses
  • Glossary
  • Support
  • FAQ
Powered by GitBook
On this page
  • Overview
  • Protected Attack Vector
  • How It Works
  • Setup Instructions
  • Properties
  • Methods
  • approveMultipleHashes()
  • removeMultipleHashes()
  • setVectorHashStatus()
  • Security Lifecycle
  • Source Code
  1. Policies

Approved Patterns

PreviousApproved CallsNextBalance Guard

Last updated 11 months ago

Overview

Powered by our advance AI security engine, this policy will only allows transactions that interact with your protocol in a safe way. The engine provides a list of - a list of calls that are allowed to be performed in sequence on your protocol - and only these vectors will be allowed to go through.

Any transaction that performs calls outside the list will be blocked.

Protected Attack Vector

For certain protocols, zero-day attacks may be discovered by crafting a malicious transaction that makes calls to your smart contracts in a way it wasn't intended to be used.

In such cases, the transaction will be blocked by this policy because the calls in the malicious transaction aren't in the list.

How It Works

  1. As part of the policy's setup, a list of is generated by our AI security engine and is configured on the policy.

  2. A transaction executing a several calls reaches the .

  3. If the calls in the transactions are approved, the transaction will be allowed to go through. If not, the transaction will be reverted.

Internally, the lists are hashed for high-efficiency calculation on-chain

Setup Instructions

  4. That's it!

Properties

Name
Type
Description

originCurrentVector

mapping

(address =>

mapping

(uint => bytes)

)

approvedVectorHashes

mapping

(bytes32 => bool)

Methods

approveMultipleHashes()

function approveMultipleHashes(bytes32[] calldata _vectorHashes)

Parameter Name
Type
Description

_vectorHashes

bytes32[] calldata

removeMultipleHashes()

function removeMultipleHashes(bytes32[] calldata _vectorHashes)

Parameter Name
Type
Description

_vectorHashes

bytes32[] calldata

setVectorHashStatus()

function setVectorHashStatus(bytes32 _vectorHash, bool _status)

Parameter Name
Type
Description

_vectorHashe

bytes32

_bool

bool

true to approve or false to disapprove

Security Lifecycle

Source Code

Deploy your own version of this policy (see ).

Configure the you wish to allow for your protocol. NOTE: Contact our for more information on how to get these generated for your protocol

Add the newly deployed policy to the (you can do this or , see ).

a mapping of the currently examined list of (updates per transaction as calls get executed)

a mapping of the (hashed)

Callable only by the policy owner. Approves multiple

an array of hashes

Callable only by the policy owner. Removes previously hashes.

an array of hashes

Callable only by the policy owner. Sets the status (approve / disapprove) of a single hash.

the hashes

This policy runs during the .

On our GitHub repository:

ApprovedVectorsPolicy.sol
Source Code
Support
Policy Administration
Globally
Per-Method
Approved Patterns
Approved Patterns
Approved Patterns
Approved Patterns
Firewall
Approved Patterns
Approved Patterns
Firewall
Approved Vectors
Approved Vectors
Approved Vectors
Firewall's Pre-Execution hook
Approved Patterns
Approved Patterns
Approved Vectors
Approved Vectors
Approved Vectors