Whitelist
Overview
This policy acts as an allowlist of accounts that are allowed to interact with your protocol. Transactions from senders that are not on the allow list will be reverted.
Protected Attack Vector
This policy protects against fraudulent and/or unauthorized transactions to your protocol. If an attacker discovers a business logic flaw in a smart contract that would normally grant access to restricted parts of your protocol, this allow list policy can mitigate it by only allowing certain senders access to privileged business flows.
How It Works
Policy owners add allowed senders to the allow list by calling setConsumerAllowlist() and setting the status to true.
Senders can now interact with the protocol as normal, and their transactions will be allowed to go through.
As needed, policy owners can remove senders from the allow list by calling setConsumerAllowlist() and setting the status to false.
Setup Instructions
Deploy your own version of this policy (see Source Code).
Call the setConsumerAllowlist() method to set up which senders are allowed to execute calls to your smart contract.
Add the newly deployed policy to the Firewall (you can do this Globally or Per-Method, see Policy Administration).
That's it!
Properties
consumerAllowlist
mapping(address => mapping(address => bool))
The list of sender addresses that are allowed to access a consumer smart contract, for example: [consumerAddress][senderAddress] = true
Methods
setConsumerAllowlist()
function setConsumerAllowlist(address consumer, address account, bool status)
Callable only by the policy owner. Sets the approval of account to send transactions to consumer to either true or false (allowing or disallowing the account to interact with the consumer).
consumer (address): the consumer smart contract to be protected by this policy
account (address): the sender's address
status (bool): the status of the approval
Security Lifecycle
This policy runs during the Firewall's Pre-Execution hook.
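The sketch below is an added example, not the project's AllowlistPolicy.sol. It models the semantics described on this page: entries are scoped per consumer, unset entries read as false (deny by default), and the check runs before the protected call executes. The contract name, owner handling, event, and the preExecution signature are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Simplified model of the allowlist behaviour documented on this page.
// Hypothetical names: AllowlistPolicySketch, ConsumerAllowlistSet, preExecution.
contract AllowlistPolicySketch {
    // Assumption: a single owner set at deployment stands in for "the policy owner".
    address public owner;

    // consumerAllowlist[consumer][sender] == true means sender may call consumer.
    // A mapping returns false for any key never written, so every sender is
    // denied until the owner explicitly adds it for that specific consumer.
    mapping(address => mapping(address => bool)) public consumerAllowlist;

    // Hypothetical event so additions and removals can be monitored off-chain.
    event ConsumerAllowlistSet(address indexed consumer, address indexed account, bool status);

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "AllowlistPolicySketch: not owner");
        _;
    }

    // Same signature as the method documented above.
    // status = true adds the account, status = false removes it.
    function setConsumerAllowlist(address consumer, address account, bool status)
        external
        onlyOwner
    {
        consumerAllowlist[consumer][account] = status;
        emit ConsumerAllowlistSet(consumer, account, status);
    }

    // Hypothetical pre-execution hook: assumed to be invoked before the
    // consumer's protected function body runs. A failed require reverts the
    // whole transaction, which is the "will be reverted" behaviour above.
    // The calldata and value parameters are unused by this policy.
    function preExecution(address consumer, address sender, bytes calldata, uint256)
        external
        view
    {
        require(consumerAllowlist[consumer][sender], "AllowlistPolicySketch: sender not allowed");
    }
}
```

Because the lookup is keyed by consumer first, allowing a sender for one consumer grants nothing on another consumer that shares the same policy instance.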
Source Code
On our GitHub repository: AllowlistPolicy.sol