Firewall Documentation
Home
  • Overview
  • Quick Start
    • Using Function Modifiers
    • Using Proxy Patterb
  • Concepts
  • Configuration
    • Governance
    • Firewall Configuration
    • Policy Administration
  • How It Works
  • Smart Contracts
    • Firewall.sol
    • FirewallConsumer.sol
    • FirewallProxyAdmin.sol
    • FirewallTransparentUpgradableProxy.sol
  • Policies
    • Admin Notary
    • Whitelist
    • Approved Calls
    • Approved Patterns
    • Balance Guard
    • EOA Only
    • Method Block
    • Custom Protector
    • Non Reentrant
    • Combined Policies
  • Addresses
  • Glossary
  • Support
  • FAQ
Powered by GitBook
On this page
  • Overview
  • Protected Attack Vector
  • How It Works
  • Setup Instructions
  • Properties
  • Methods
  • setConsumerMaxBalanceChange()
  • removeToken()
  • View Functions
  • getConsumerTokens()
  • Security Lifecycle
  • Source Code
  1. Policies

Balance Guard

PreviousApproved PatternsNextEOA Only

Last updated 11 months ago

Overview

This policy makes sure that a the balance of some address in some token (Native or ERC20) doesn't change over an allowed threshold with any given transaction.

Protected Attack Vector

If an attacker gains privileged access to an account (wallet or smart contract) - either by stealing the private keys or by exploiting some vulnerability - and the account has some balance in some token (Native or ERC20) - this policy will block a malicious transaction from going through if the change in balance is above a configured threshold for the token.

How It Works

  1. When a transaction reaches this policy in the hook, it first looks up the balances of the account in it's configured tokens.

  2. Then, in the hook, the policy compares the difference in balance (per token) against it's configured change-threshold.

  3. If the transaction changed the balance more than is allowed by the threshold, it will be reverted.

Setup Instructions

  1. Deploy your own version of this policy (see ).

  2. Call the method to configure the balance change thresholds.

  3. Add the newly deployed policy to the (you can do this or , see ).

  4. That's it!

Properties

Name
Type
Description

consumerMaxBalanceChange

mapping

(address =>

mapping

(address => uint)

)

a mapping between accounts, tokens, and their balance balance change threshold

for example: [someAccount][someToken] = 50000

consumerLastBalance

mapping

(address =>

mapping

(address => uint[])

)

a mapping between accounts, tokens, and their balances before executing the transaction

Methods

setConsumerMaxBalanceChange()

function setConsumerMaxBalanceChange(address consumer, address token, uint maxBalanceChange)

Callable only by the policy owner. Sets the maximum balance change that can take place on the given token in a transaction.

Parameter Name
Type
Description

consumer

address

the account holding the balance

token

address

the token to track balance changes for

maxBalanceChange

uint

the maximum balance change for the token

removeToken()

function removeToken(address consumer, address token)

Callable only by the policy owner. Removes the token from the consumer, so that the policy will no longer track balance changes on that token.

Parameter Name
Type
Description

consumer

address

the account holding the balance

token

address

the token to track balance changes for

View Functions

getConsumerTokens()

function getConsumerTokens(address consumer)

Gets the tokens and their configured balance change threshold for consumer.

Parameter Name
Type
Description

consumer

address

the account holding the balance

Security Lifecycle

Source Code

This policy runs during both the Firewall's and the hooks.

On our GitHub repository:

BalanceChangePolicy.sol
Policy Administration
Source Code
setConsumerMaxBalanceChange()
Globally
Per-Method
Pre Execution
Post Execution
Firewall
Pre Execution
Post Execution