EOA Only

Overview

This policy will only allow an EOA to interact with your smart contracts, which is useful if you know that your protocol is expected to only server external users.

If you're protocol has multiple smart contracts where each of them should only be allowed to access from an EOA - but can themselves interact with each other - this policy allows for this too.

Protected Attack Vector

Most attacks on the smart contracts come from other, malicious smart contracts which are specially crafted to exploit some vulnerability in a protocol's business logic.

This policy protects against this attack vector by only allowing EOAs to interact with your smart contracts, so that a transaction coming from a malicious smart contract will be blocked.

How It Works

  1. When a transaction reaches this policy, it first checks if the sender is an EOA - or alternatively - if it's coming from a contract that was allowlisted (i.e. a different smart contract in your protocol).

  2. If the above check passes, the transaction will be allowed to go through.

  3. Otherwise, the transaction will be reverted.

Setup Instructions

  1. Deploy your own version of this policy (see Source Code).

  2. Call the setAllowedContracts() method to configure any smart contracts within your protocol that should be allowed to interact with each other.

  3. Add the newly deployed policy to the Firewall (you can do this Globally or Per-Method, see Policy Administration).

  4. That's it!

Properties

NameTypeDescription

allowedContracts

mapping

(address => bool)

the allowlist of contracts that are allowed to interact with your smart contracts these would normally be other smart contracts in your protocol which should be allowed to interact with each other

Methods

setAllowedContracts()

function setAllowedContracts(address contractAddress, bool status)

Callable only by the policy owner. Sets whether or contractAddress is allowlisted in this policy.

Parameter NameTypeDescription

contractAddress

address

the address of a smart contract to be allowed / disallowed

status

bool

the status of the approval

Security Lifecycle

This policy runs during the Firewall's Pre-Execution hook.

Source Code

On our GitHub repository: OnlyEOAPolicy.sol

Last updated