Custom Protector
Last updated
Last updated
This policy allows you to implement custom logic that checks and maintains the integrity of your smart contract's data by integrating invariants testing tailored to your business requirements.
This works by registering an additional Invariants Logic Contract
with the policy, which will receive all the data it needs to identify if a malicious state has taken place.
IMPORTANT: To use this policy, your must be using the modifier for functions you want to protect with this policy
This policy protects against malicious changes to the state of your smart contracts in a way that violates your business rules.
A malicious transaction is sent to your contract.
The policy saves a snapshot of the configured private variables of your smart contract before the transaction is executed.
The transaction is then allowed to start executing it's calls to your smart contracts.
Before the transaction is committed, the policy takes a second snapshot of the private variables, and sends both versions ("before" and "after") to the Invariants Logic Contract
.
The Invariants Logic Contract
contract inspects the state change.
If the transaction change the state in a way that breaks the protocol's business rules, the transaction will be reverted.
Otherwise, it is allowed to go through and is committed to the blockchain.
That's it!
invariantLogicContract
address
the address of a smart contract that will inspect the states before / after a transaction is executed
sighashInvariantStorageSlots
mapping
(address => mapping
(bytes4 => bytes32[])
)
function setSighashInvariantStorageSlots(address consumer, bytes4 sighash, bytes32[] calldata storageSlots)
consumer
address
the consumer address
sigHash
bytes4
the method signature
storageSlots
bool
the status of the approval
function setInvariantLogicContract(address _invariantLogicContract)
Callable only by the policy owner. Sets the a new address for the Invariants Logic Contract
contract.
_invariantLogicContract
address
the new address to set
Deploy your own version of this policy (see ).
Call the method to set the address of the Invariants Logic Contract
.
Call the method to set the storage slots for the invariants per function.
Add the newly deployed policy to the (you can do this or , see ).
a mapping between addresses of to a mapping of sig-hashes and memory addresses where state changes are stored
Callable only by the policy owner. Sets the memory slots where state is kept (per function signature hash) for the contract.
This policy runs during both the Firewall's and the hooks.
On our GitHub repository: