# EOA Only

## Overview

This policy only allows an EOA to interact with your smart contracts, which is useful if you know that your protocol is expected to serve only external users.

> If your protocol has multiple smart contracts, each of which should only be accessible from an EOA but which can themselves interact with each other, this policy allows for this too.

## Protected Attack Vector

Most attacks on smart contracts come from other, malicious smart contracts that are specially crafted to exploit some vulnerability in a protocol's business logic.

This policy protects against this attack vector by only allowing EOAs to interact with your smart contracts, so that a transaction coming from a malicious smart contract will be blocked.

## How It Works

1. When a transaction reaches this policy, it first checks if the sender is an EOA - or alternatively - if it's coming from a contract that was allowlisted *(i.e. a different smart contract in your protocol)*.<br>
2. If the above check passes, the transaction will be allowed to go through.<br>
3. Otherwise, the transaction will be reverted.
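
The three steps above, as a minimal sketch added here for illustration (it is not the Ironblocks policy source linked under Source Code). Only `allowedContracts` and `setAllowedContracts()` come from this page; the contract name, the `preExecution(address sender)` hook signature, the event, and the `sender == tx.origin` test for "is an EOA" are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Illustrative sketch only: names other than allowedContracts and
// setAllowedContracts() are hypothetical, not taken from the Firewall code.
contract OnlyEOAPolicySketch {
    address public immutable owner;

    // Allowlist of protocol contracts that may call in despite not being EOAs.
    mapping(address => bool) public allowedContracts;

    // Emitted on every allowlist change so changes can be audited off-chain.
    event AllowedContractSet(address indexed contractAddress, bool status);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Callable only by the policy owner, as described under Methods.
    function setAllowedContracts(address contractAddress, bool status) external onlyOwner {
        allowedContracts[contractAddress] = status;
        emit AllowedContractSet(contractAddress, status);
    }

    // Hypothetical pre-execution hook: `sender` is the caller of the protected
    // contract, forwarded by the firewall before the call body runs.
    function preExecution(address sender) external view {
        // Assumption: "is an EOA" is tested as sender == tx.origin, i.e. the
        // direct caller is the account that signed the transaction.
        // A code-size test is avoided here because a contract reports
        // zero code size while its constructor is running.
        bool isEOA = sender == tx.origin;

        // Step 1: EOA or allowlisted contract. Step 2: fall through (allowed).
        // Step 3: anything else reverts the whole transaction.
        require(isEOA || allowedContracts[sender], "OnlyEOA: sender not allowed");
    }
}
```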

## Setup Instructions

1. Deploy your own version of this policy *(see* [*Source Code*](#source-code)*)*.<br>
2. Call the [setAllowedContracts()](#setallowedcontracts) method to configure any smart contracts within your protocol that should be allowed to interact with each other.<br>
3. Add the newly deployed policy to the [Firewall](/firewall/glossary.md#firewall) *(you can do this* [*Globally*](/firewall/configuration/firewall-configuration.md#global-policies) *or* [*Per-Method*](/firewall/configuration/firewall-configuration.md#per-method-policies)*, see* [*Policy Administration*](/firewall/configuration/policy-administration.md)*)*.<br>
4. That's it!

## Properties

<table><thead><tr><th width="220">Name</th><th width="256.3333333333333">Type</th><th>Description</th></tr></thead><tbody><tr><td><code>allowedContracts</code></td><td><p><code>mapping</code></p><p><code>(address => bool)</code></p></td><td>the allowlist of contracts that are allowed to interact with your smart contracts<br><br>these would normally be other smart contracts in your protocol which should be allowed to interact with each other</td></tr></tbody></table>

## Methods

### setAllowedContracts()

#### `function setAllowedContracts(address contractAddress, bool status)`

Callable only by the policy owner. Sets whether `contractAddress` is allowlisted in this policy.<br>

| Parameter Name    | Type      | Description                                                |
| ----------------- | --------- | ---------------------------------------------------------- |
| `contractAddress` | `address` | the address of a smart contract to be allowed / disallowed |
| `status`          | `bool`    | the status of the approval                                 |


## Security Lifecycle

This policy runs during the [Firewall's Pre-Execution hook](/firewall/glossary.md#pre-execution).

## Source Code

On our GitHub repository: [OnlyEOAPolicy.sol](https://github.com/ironblocks/onchain-firewall/blob/main/packages/onchain-firewall/contracts/policies/OnlyEOAPolicy.sol)

