AllowList Interface

Overview

The AllowList is a security feature used by precompiles to manage which addresses have permission to interact with certain contract functionalities. It provides a consistent role-based permission system inherited by all precompiles that use it.

Role-Based Permissions

The AllowList implements a consistent role-based permission system:

Each precompile that uses the AllowList interface follows this permission structure, though the specific actions allowed for "Enabled" addresses vary depending on the precompile's purpose. For example:

• In the Contract Deployer AllowList, "Enabled" addresses can deploy contracts
• In the Transaction AllowList, "Enabled" addresses can submit transactions
• In the Native Minter, "Enabled" addresses can mint tokens

Interface

The AllowList interface is defined as follows:

//SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

interface IAllowList {
  event RoleSet(uint256 indexed role, address indexed account, address indexed sender, uint256 oldRole);

  // Set [addr] to have the admin role over the precompile contract.
  function setAdmin(address addr) external;

  // Set [addr] to be enabled on the precompile contract.
  function setEnabled(address addr) external;

  // Set [addr] to have the manager role over the precompile contract.
  function setManager(address addr) external;

  // Set [addr] to have no role for the precompile contract.
  function setNone(address addr) external;

  // Read the status of [addr].
  function readAllowList(address addr) external view returns (uint256 role);
}

Implementation

The AllowList interface is implemented by multiple precompiles in the Subnet-EVM. You can find the core implementation in the subnet-evm repository.

Precompiles Using AllowList

Several precompiles in Subnet-EVM use the AllowList interface:

• Deployer AllowList
• Transaction AllowList
• Native Minter
• Fee Manager
• Reward Manager