Yearn announced Yearn Allowlist on May 6, 2022, in order to improve product security. As a result, I conducted some research to see how Allowlists might improve product security.
Scenarios
Man-in-the-middle attacks are usually avoided by using this method. For example, to retrieve txdata, load it into a transaction, and send it out, the user will frequently utilize the paraswap API. The user's assets may be lost if the returned txdata is maliciously manipulated by an intermediary hacker. You may now use paraswap's allowlist to check whether the returned txdata is accurate. (This is just an example; I'm not sure whether or not paraswap uses allowlist.)
Allowlist defines a schema that other people can use to make their own allowlists. Multiple conditions make up the allowlist. When txdata meets one of the conditions, it is valid.
Flow
Condition
A condition refers to a function and provides an implementation contract. A condition defines the data sequence (including checking function, implementation id...) The format of each condition is depicted in the diagram below.
id: condition idimplementationId: An implementation contract address is represented by an id. The imlementationById map stored in the allowlist contract corresponds to the id and contract address.methodName: The name of the target contract's method to invoke.paramTypes: The types of the function arguments.requirements: There are two parts (type and verify function).target(check target contract) andparamsare the two types (check function parameters). The verification function specifies which implementation function should be used for checking.
ValidateCalldataByAllowlist() checks every condition registered in Allowlist. testCondition() will go over the conditions that were previously registered in Allowlist.
Verify the order
Check Function Selector
Calculate the function selector using the methodName and paramTypes of the condition to compare the first four bytes of txdata.
Check Target Address
CheckTarget() is called if the requirement type is target. To generate txdata, use methodSignature and targetAddress, and call the implementation's verify function with staticCall.
Check function parameters
If the requirement type is params, CheckParams() is called. To acquire the parameter values, use AbiDecoder.getParamFromCalldata() with data and paramsTypes.
To make a txdata, combine the verify function (methodSignature) with the value of the params just solved. To call the implementation's verification function, use staticCall.
Connect Allowlist to website
It is advised that you utilize ENS/DNSSEC to validate the Allowlist's authenticity.
Personal Thoughts
DApps are becoming increasingly complicated, and performing all computations on-chain will undoubtedly consume a significant amount of gas. Off-chain APIs may become a viable option in the future, but they raise additional security risks. Allowlist is an attempt to reconcile off-chain and on-chain data inconsistencies. To reduce risks and prevent the loss of user assets caused by malicious attacks, it is suggested that all services that provide APIs develop an Allowlist method.