Firewall Documentation
Home
  • Overview
  • Quick Start
    • Using Function Modifiers
    • Using Proxy Patterb
  • Concepts
  • Configuration
    • Governance
    • Firewall Configuration
    • Policy Administration
  • How It Works
  • Smart Contracts
    • Firewall.sol
    • FirewallConsumer.sol
    • FirewallProxyAdmin.sol
    • FirewallTransparentUpgradableProxy.sol
  • Policies
    • Admin Notary
    • Whitelist
    • Approved Calls
    • Approved Patterns
    • Balance Guard
    • EOA Only
    • Method Block
    • Custom Protector
    • Non Reentrant
    • Combined Policies
  • Addresses
  • Glossary
  • Support
  • FAQ
Powered by GitBook
On this page
  • Overview
  • Protected Attack Vector
  • How It Works
  • Setup Instructions
  • Properties
  • Methods
  • setConsumerAllowlist()
  • Security Lifecycle
  • Source Code
  1. Policies

Whitelist

PreviousAdmin NotaryNextApproved Calls

Last updated 11 months ago

Overview

This policy acts as an allowlist of accounts that are allowed to interact with your protocol. Transactions from senders that are not in allow list will be reverted.

Protected Attack Vector

This policy protects against fraudulent and/or unauthorized transactions to your protocol. If an attacker discovers some business logic flaw in a smart contract which would normally grant access to restricted parts of your protocol - this allow list policy can mitigate that, by only allowing certain senders access to privileged business flows.

How It Works

  1. Policy owners add allowed senders to the allow list by calling the and setting the status to true.

  2. Senders can now interact with the protocol as normal, transactions will be allowed to go through.

  3. As needed, policy owners can remove senders from the allow list by calling and setting the status to false.

Setup Instructions

  1. Deploy your own version of this policy (see ).

  2. Call the method to setup which consumers are allowed to execute calls to your smart contract.

  3. Add the newly deployed policy to the (you can do this or , see ).

  4. That's it!

Properties

Name
Type
Description

consumerAllowlist

mapping

(address =>

mapping

(address => bool)

)

the list of sender addresses that are allowed to access a consumer smart contract for example: [consumerAddress][senderAddress] = true

Methods

setConsumerAllowlist()

function setConsumerAllowlist(address consumer, address account, bool status)

Callable only by the policy owner. Sets the approval of account to send transactions to consumer to either true or false (allowing or disallowing the account to interact with the consumer).

Parameter Name
Type
Description

consumer

address

the consumer smart contract to be protected by this policy

account

address

the sender's address

status

bool

the status of the approval

Security Lifecycle

Source Code

This policy runs during the .

On our GitHub repository:

AllowlistPolicy.sol
Policy Administration
setConsumerAllowlist()
setConsumerAllowlist()
Source Code
setConsumerAllowlist()
Globally
Per-Method
Firewall
Firewall's Pre-Execution hook