Allowlist Interface

Overview

The AllowList is a security feature used by precompiles to manage which addresses have permission to interact with certain contract functionalities. For example, in the Native Minter Precompile, the allow list is used to control who can mint new native tokens.

Role-Based Permissions

The AllowList implements a consistent role-based permission system:

Each precompile that uses the AllowList interface follows this permission structure, though the specific actions allowed for "Enabled" addresses vary depending on the precompile's purpose. For example:

• In the Contract Deployer AllowList, "Enabled" addresses can deploy contracts
• In the Transaction AllowList, "Enabled" addresses can submit transactions
• In the Native Minter, "Enabled" addresses can mint tokens

Interface

The AllowList interface is defined as follows:

//SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;
 
interface IAllowList {
  event RoleSet(uint256 indexed role, address indexed account, address indexed sender, uint256 oldRole);
 
  // Set [addr] to have the admin role over the precompile contract.
  function setAdmin(address addr) external;
 
  // Set [addr] to be enabled on the precompile contract.
  function setEnabled(address addr) external;
 
  // Set [addr] to have the manager role over the precompile contract.
  function setManager(address addr) external;
 
  // Set [addr] to have no role for the precompile contract.
  function setNone(address addr) external;
 
  // Read the status of [addr].
  function readAllowList(address addr) external view returns (uint256 role);
}

Implementation

The AllowList interface is implemented by multiple precompiles in the Subnet-EVM. You can find the core implementation in the subnet-evm repository.

Precompiles Using AllowList

Several precompiles in Subnet-EVM use the AllowList interface:

• Native Minter
• Fee Manager
• Reward Manager
• Contract Deployer Allow List
• Transaction Allow List