Whitelist

Overview

This policy acts as an allowlist of accounts that are allowed to interact with your protocol. Transactions from senders that are not in allow list will be reverted.

Protected Attack Vector

This policy protects against fraudulent and/or unauthorized transactions to your protocol. If an attacker discovers some business logic flaw in a smart contract which would normally grant access to restricted parts of your protocol - this allow list policy can mitigate that, by only allowing certain senders access to privileged business flows.

How It Works

  1. Policy owners add allowed senders to the allow list by calling the setConsumerAllowlist() and setting the status to true.

  2. Senders can now interact with the protocol as normal, transactions will be allowed to go through.

  3. As needed, policy owners can remove senders from the allow list by calling setConsumerAllowlist() and setting the status to false.

Setup Instructions

  1. Deploy your own version of this policy (see Source Code).

  2. Call the setConsumerAllowlist() method to setup which consumers are allowed to execute calls to your smart contract.

  3. Add the newly deployed policy to the Firewall (you can do this Globally or Per-Method, see Policy Administration).

  4. That's it!

Properties

Name
Type
Description

consumerAllowlist

mapping

(address =>

mapping

(address => bool)

)

the list of sender addresses that are allowed to access a consumer smart contract for example: [consumerAddress][senderAddress] = true

Methods

setConsumerAllowlist()

function setConsumerAllowlist(address consumer, address account, bool status)

Callable only by the policy owner. Sets the approval of account to send transactions to consumer to either true or false (allowing or disallowing the account to interact with the consumer).

Parameter Name
Type
Description

consumer

address

the consumer smart contract to be protected by this policy

account

address

the sender's address

status

bool

the status of the approval

Security Lifecycle

This policy runs during the Firewall's Pre-Execution hook.

Source Code

On our GitHub repository: AllowlistPolicy.sol

Last updated