EOA Only

Overview

This policy will only allow an EOA to interact with your smart contracts, which is useful if you know that your protocol is expected to only server external users.

If you're protocol has multiple smart contracts where each of them should only be allowed to access from an EOA - but can themselves interact with each other - this policy allows for this too.

Protected Attack Vector

Most attacks on the smart contracts come from other, malicious smart contracts which are specially crafted to exploit some vulnerability in a protocol's business logic.

This policy protects against this attack vector by only allowing EOAs to interact with your smart contracts, so that a transaction coming from a malicious smart contract will be blocked.

How It Works

When a transaction reaches this policy, it first checks if the sender is an EOA - or alternatively - if it's coming from a contract that was allowlisted (i.e. a different smart contract in your protocol).
If the above check passes, the transaction will be allowed to go through.
Otherwise, the transaction will be reverted.

Setup Instructions

That's it!

Properties

Name

Type

Description

allowedContracts

mapping

(address => bool)

the allowlist of contracts that are allowed to interact with your smart contracts these would normally be other smart contracts in your protocol which should be allowed to interact with each other

Methods

setAllowedContracts()

`function setAllowedContracts(address contractAddress, bool status)`

Callable only by the policy owner. Sets whether or contractAddress is allowlisted in this policy.

Parameter Name

Type

Description

contractAddress

address

the address of a smart contract to be allowed / disallowed

status

bool

the status of the approval

Security Lifecycle

Source Code

PreviousBalance Guard NextMethod Block

Last updated 11 months ago

Overview

This policy will only allow an EOA to interact with your smart contracts, which is useful if you know that your protocol is expected to only server external users.

If you're protocol has multiple smart contracts where each of them should only be allowed to access from an EOA - but can themselves interact with each other - this policy allows for this too.

Protected Attack Vector

Most attacks on the smart contracts come from other, malicious smart contracts which are specially crafted to exploit some vulnerability in a protocol's business logic.

This policy protects against this attack vector by only allowing EOAs to interact with your smart contracts, so that a transaction coming from a malicious smart contract will be blocked.

How It Works

When a transaction reaches this policy, it first checks if the sender is an EOA - or alternatively - if it's coming from a contract that was allowlisted (i.e. a different smart contract in your protocol).

If the above check passes, the transaction will be allowed to go through.

Otherwise, the transaction will be reverted.

Methods

setAllowedContracts()

function setAllowedContracts(address contractAddress, bool status)

Callable only by the policy owner. Sets whether or contractAddress is allowlisted in this policy.

Parameter Name

Type

Description

contractAddress

address

the address of a smart contract to be allowed / disallowed

status

bool

the status of the approval