Skip to content
/ substrate-account-filter Public

A Substrate frame pallet for account-level permissioning using account whitelisting.

License

MIT license
1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

UncleTom29/substrate-account-filter

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
src
src
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
readme.md
readme.md
 
 

Repository files navigation

Substrate Account Filter

A Substrate pallet for account-level filtering/permissioning.

The pallet maintains a allow-list of accounts that are permitted to submit extrinsics. Sudo (or any other governance mechanism, when supported) could be used to add and remove accounts from this list.

The filtering of incoming extrinsics and their sender accounts is done during the transaction queue validation, using the SignedExtension trait.

Usage

  • Add the module's dependency in the Cargo.toml of your runtime directory. Make sure to enter the correct path or git url of the pallet as per your setup.
[dependencies.account_filter]
package = 'substrate-account-filter'
git = 'https://github.com/uncletom29/substrate-account-filter.git'
default-features = false
  • Declare the pallet in your runtime/src/lib.rs.
pub use account_filter;

impl account_filter::Config for Runtime {
    type Event = Event;
}

construct_runtime!(
    pub enum Runtime where
        Block = Block,
        NodeBlock = opaque::Block,
        UncheckedExtrinsic = UncheckedExtrinsic
    {
        ...
        ...
        ...
        AccountFilter: account_filter::{Module, Call, Storage, Event<T>, Config<T>},
    }
);
  • Add the module's AllowAccount type in the SignedExtra checklist.
pub type SignedExtra = (
    ...
    ...
    balances::TakeFees<Runtime>,
    account_filter::AllowAccount<Runtime>
  • Add a genesis configuration for the module in the src/chain_spec.rs file. This configuration adds the initial account ids to the account allow-list.
    use node_template_runtime::{..., AccountFilterConfig};
    ...
    account_filter: Some(AccountFilterConfig {
        allowed_accounts: vec![
            (get_account_id_from_seed::<sr25519::Public>("Alice"), ()),
            (get_account_id_from_seed::<sr25519::Public>("Bob"), ())],
    }),
  • cargo build --release and then cargo run --release -- --dev

When the node starts, only the AccountIds added in the genesis config of this module will be able to send extrinsics to the runtime. This means that you should not leave the genesis config empty or else no one will be able to submit any extrinsics.

New AccountIds can be added to the allow-list by calling the pallet's add_account function using root key as origin.

Potential extension

  • The addition and removal of AccountIds to the allow-list can also be done using other governance methods instead of root.
  • The logic can be reversed to maintain a deny-list of accounts to prevent those AccountIds from sending extrinsics.

About

A Substrate frame pallet for account-level permissioning using account whitelisting.

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages