Firewall Documentation
Home
  • Overview
  • Quick Start
    • Using Function Modifiers
    • Using Proxy Patterb
  • Concepts
  • Configuration
    • Governance
    • Firewall Configuration
    • Policy Administration
  • How It Works
  • Smart Contracts
    • Firewall.sol
    • FirewallConsumer.sol
    • FirewallProxyAdmin.sol
    • FirewallTransparentUpgradableProxy.sol
  • Policies
    • Admin Notary
    • Whitelist
    • Approved Calls
    • Approved Patterns
    • Balance Guard
    • EOA Only
    • Method Block
    • Custom Protector
    • Non Reentrant
    • Combined Policies
  • Addresses
  • Glossary
  • Support
  • FAQ
Powered by GitBook
On this page
  • Overview
  • Protected Attack Vector
  • How It Works
  • Setup Instructions
  • Properties
  • Methods
  • setConsumersStatuses()
  • setFireall()
  • setAllowedCombinations()
  • Security Lifecycle
  • Source Code
  1. Policies

Combined Policies

PreviousNon ReentrantNextAddresses

Last updated 11 months ago

Overview

This policy allows you to customize a tailored security blanket for your protocol, unique to your protocol's business offering. This is a common best practice through which security is seen as a multi-layered onion, where each layer protects against different attack vectors.

Protected Attack Vector

Based on your configuration, this policy will allow you to protect against any number of attack vectors, by combining them in different orders and configurations.

How It Works

  1. When a transaction reaches this policy, it goes through the list of configured policy combinations.

  2. Once all policies finished executing and inspecting the incoming transactions, the policy checks if the combined results matches any of the configured combinations.

  3. If a matching combination exist, the transaction will be allowed to go through. Otherwise, it will be reverted.

Setup Instructions

  1. Deploy your own version of this policy (see ).

  2. Call the method to configure which consumers are allowed to interact with this policy.

  3. Call the method to set which is allowed to use this policy.

  4. Call the method to set what policies combinations you want this policy to work with.

  5. Add the newly deployed policy to the (you can do this or , see ).

  6. That's it!

Properties

Name
Type
Description

firewallAddress

address

allowedCombinationHashes

bytes32[]

the list of allowed policies combinations (hashed)

isAllowedCombination

mapping (bytes32 => bool)

a mapping between combination hashes and their status (true or false)

approvedConsumer

mapping (address => bool)

a mapping of allowed consumers

policies

addresses[]

a list of policy addresses

currentResults

bool[][]

a matrix of inspection results, used throughout the execution of the configured policies

Methods

setConsumersStatuses()

function setConsumersStatuses(address[] calldata consumers, bool[] calldata statuses)

Callable only by the policy owner. Sets which consumers are allowed to use this policy.

Parameter Name
Type
Description

consumers

address[] calldata

a list of consumers for which we're setting the statuses

statuses

bool[] calldata

a list of statuses to approve / disapprove the corresponding consumers

setFireall()

function setFirewall(address _firewallAddress)

Parameter Name
Type
Description

_firewallAddress

address

setAllowedCombinations()

function setAllowedCombinations(address[] calldata _policies, bool[][] calldata _allowedCombinations)

Callable only by the policy owner. Sets the policies combinations that the policy will use.

Parameter Name
Type
Description

_policies

address[] calldata

a list of addresses for the policies we want to configure combinations for

_allowedCombinations

bool[][]

a matrix of combinations for allowed policies the row length must match the length of the _policies array each row represents a combination policies that need to pass in order to allow the transaction to go through

Security Lifecycle

Source Code

the address of the that can use this policy

Callable only by the policy owner. Sets the that can use this policy.

the address of the to set

This policy runs during both the Firewall's and the hooks.

On our GitHub repository:

CombinedPoliciesPolicy.sol
Firewall
Policy Administration
Source Code
setConsumersStatuses()
setFirewall()
setAllowedCombinations()
Globally
Per-Method
Firewall
Firewall
Firewall
Pre Execution
Post Execution
Firewall