Permissioning Precompiles

Understand the Transaction AllowList and Contract Deployer AllowList precompiles for access control.

This course focuses on two precompiles that control who can interact with your Avalanche L1:

PrecompileControlsAddress
Transaction AllowListWho can submit transactions0x0200000000000000000000000000000000000002
Contract Deployer AllowListWho can deploy contracts0x0200000000000000000000000000000000000000

As we saw, both use the same AllowList interface for role management.

Transaction AllowList

Controls who can submit transactions to your L1. If a wallet address is not allowed, transactions from that address will fail before execution.

  • Genesis config key: txAllowListConfig

Contract Deployer AllowList

Controls who can deploy smart contracts on your L1. If an address is not allowed, contract deployment transactions will revert.

  • Genesis config key: contractDeployerAllowListConfig

Genesis Activation

To enable these precompiles from genesis, include their config blocks. The Console will have toggle buttons to do this automatically:

{
  "config": {
    "txAllowListConfig": {
      "blockTimestamp": 0,
      "adminAddresses": ["0x...yourAdminAddress"]
    },
    "contractDeployerAllowListConfig": {
      "blockTimestamp": 0,
      "adminAddresses": ["0x...yourAdminAddress"]
    }
  }
}

The adminAddresses become AllowList Admins for each precompile (can manage Admin/Manager/Enabled roles).

In the next step, you'll create an L1 with both precompiles enabled.

Is this guide helpful?

Access Control Use-cases

Why institutions and regulated businesses need transaction and contract deployment controls.

Create Your L1

Create an L1 with Transaction and Contract Deployer Allowlist precompiles enabled using BuilderHub hosted nodes.

On this page

Transaction AllowList
Contract Deployer AllowList
Genesis Activation

Page Actions

Edit on GitHubReport Issue
Instructors:
Nicolas Arnedo
Nicolas Arnedo
Developer Relations Engineer
Join Telegram Course Chat