Granite Upgrade Activates in00d:00h:00m:00sLearn more
NetworkNodesAPIsToolsACPs
Precompiles

Deployer AllowList

Control which addresses can deploy smart contracts on your Avalanche L1 blockchain.

Overview

The Contract Deployer Allowlist allows you to maintain a controlled environment where only authorized addresses can deploy new smart contracts. This is particularly useful for:

  • Maintaining a curated ecosystem of verified contracts
  • Preventing malicious contract deployments
  • Implementing KYC/AML requirements for contract deployers
PropertyValue
Address0x0200000000000000000000000000000000000000
ConfigKeycontractDeployerAllowListConfig

Configuration

You can activate this precompile in your genesis file:

{
  "config": {
    "contractDeployerAllowListConfig": {
      "blockTimestamp": 0,
      "adminAddresses": ["0x8db97C7cEcE249c2b98bDC0226Cc4C2A57BF52FC"]
    }
  }
}

By enabling this feature, you can define which addresses are allowed to deploy smart contracts and manage these permissions over time.

Interface

The Contract Deployer Allowlist implements the AllowList interface:

//SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

interface IAllowList {
  event RoleSet(uint256 indexed role, address indexed account, address indexed sender, uint256 oldRole);

  // Set [addr] to have the admin role over the precompile contract.
  function setAdmin(address addr) external;

  // Set [addr] to be enabled on the precompile contract.
  function setEnabled(address addr) external;

  // Set [addr] to have the manager role over the precompile contract.
  function setManager(address addr) external;

  // Set [addr] to have no role for the precompile contract.
  function setNone(address addr) external;

  // Read the status of [addr].
  function readAllowList(address addr) external view returns (uint256 role);
}

Permissions Management

The Deployer Allowlist uses the AllowList interface to manage permissions. This provides a consistent way to:

  • Assign and revoke deployment permissions
  • Manage admin and manager roles
  • Control who can deploy contracts

For detailed information about the role-based permission system and available functions, see the AllowList interface documentation.

Best Practices

  1. Initial Setup: Always configure at least one admin address in the genesis file to ensure you can manage permissions after deployment.

  2. Role Management:

    • Use Admin roles sparingly and secure their private keys
    • Assign Manager roles to trusted entities who need to manage user access
    • Regularly audit the list of enabled addresses

  3. Security Considerations:

    • Keep private keys of admin addresses secure
    • Implement a multi-sig wallet as an admin for additional security
    • Maintain an off-chain record of role assignments

  4. Monitoring:

    • Monitor the RoleSet events to track permission changes
    • Regularly audit the enabled addresses list
    • Keep documentation of why each address was granted permissions

Implementation

You can find the implementation in the subnet-evm repository.

Interacting with the Precompile

For information on how to interact with this precompile, see:

Is this guide helpful?

AllowList Interface

The AllowList interface is used by many default precompiles to permission access to the features they provide.

Transaction AllowList

Control which addresses can submit transactions on your Avalanche L1 blockchain.

On this page

Overview
Configuration
Interface
Permissions Management
Best Practices
Implementation
Interacting with the Precompile

Page Actions

Edit on GitHubReport Issue