Allowlist Interface

Understand the AllowList interface used by many Avalanche L1 precompiles and how its roles work.

Avalanche L1s ship multiple default precompiles that need access control, this is done via the same audited permission interface: the AllowList interface.

Permission levels

The roles are:

  • Admin: can manage all roles (Admin, Manager, Enabled).
  • Manager: can manage Enabled addresses only.
  • Enabled: can use the precompile’s functionality (what that means depends on the specific precompile).
  • None: no access.

This is a role-based access control pattern, implemented consistently across precompiles that opt into it.

AllowList interface

This interface exposes a small set of functions to manage roles for addresses:

Functions

  • setAdmin(address addr): give addr Admin role.
  • setManager(address addr): give addr Manager role.
  • setEnabled(address addr): give addr Enabled role.
  • setNone(address addr): remove any role from addr (back to None).
  • readAllowList(address addr) -> uint256: read the current role value.

Precompiles that use AllowList

Several default Avalanche L1 precompiles implement this interface (examples):

Is this guide helpful?

Introduction to Precompiles

A quick refresher on precompiles and why Avalanche L1s use them for privileged features.

Access Control Use-cases

Why institutions and regulated businesses need transaction and contract deployment controls.

On this page

Permission levels
AllowList interface
Functions
Precompiles that use AllowList

Page Actions

Edit on GitHubReport Issue
Instructors:
Nicolas Arnedo
Nicolas Arnedo
Developer Relations Engineer
Join Telegram Course Chat